JavaScript just-in-time compilation and some memory meddling make a mess

Back in February 2018, Google's Project Zero went public with a Microsoft Edge bug that Redmond couldn't fix in time for its next patch release.

Now, the Google researcher - Ivan Fratric - has provided a detailed technical explanation of the problem and says Microsoft's fix might not be adequate.

Fratric discovered an interaction between just-in-time JavaScript compilation, Edge's Chakra JavaScript engine, and Arbitrary Code Guard that gave attackers an arbitrary code execution vector.

Arbitrary Code Guard (ACG) is designed to prevent code from being dynamically generated or modified, and had its most recent enhancements in March 2017.

Fratric explained the problem in this post last Thursday: “When ACG is applied to a Microsoft Edge Content Process, it makes it impossible to allocate new executable memory within a process or modify existing executable memory.”
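As an added example, not from the article or from Project Zero, the PowerShell below shows how a defender can check whether the ACG mitigation (exposed as "DynamicCode" in Windows Defender Exploit Guard) is enforced on a given process image and turn it on. It assumes the ProcessMitigations module that ships with Windows 10 1709 and later, assumes that its result object exposes a `DynamicCode.Enable` property, and uses `notepad.exe` purely as a demo target; the Edge content process image name is not given on this page, so substitute the real image name when auditing Edge.

```powershell
# Added example (not the article's or Project Zero's code): inspect and enforce
# Arbitrary Code Guard ("DynamicCode") on a process image via the
# ProcessMitigations module. Assumed: Get-ProcessMitigation returns an object
# with a DynamicCode.Enable property (ON / OFF / NOTSET).

function Get-AcgStatus {
    param([Parameter(Mandatory)][string]$ImageName)
    $m = Get-ProcessMitigation -Name $ImageName
    [pscustomobject]@{
        Image       = $ImageName
        DynamicCode = $m.DynamicCode.Enable   # NOTSET means the OS default applies
    }
}

function Enable-Acg {
    param([Parameter(Mandatory)][string]$ImageName)
    # Per-image setting, persisted by Windows and applied to newly started instances.
    # With it ON, the process can neither allocate new executable memory nor make
    # existing executable memory writable, which is the property the article describes.
    Set-ProcessMitigation -Name $ImageName -Enable DynamicCode
    Get-AcgStatus -ImageName $ImageName
}

# Usage (changing settings needs an elevated prompt); notepad.exe is a placeholder target.
Get-AcgStatus -ImageName 'notepad.exe'
Enable-Acg    -ImageName 'notepad.exe'

# To confirm on a running instance rather than the stored per-image policy:
#   Get-ProcessMitigation -Id <pid>
# and read the DynamicCode section of the output.
```

Note that ACG is a per-process mitigation: enabling it on an image hardens that image's processes, but, as the article goes on to explain, a JIT engine still has to produce executable code somewhere, and the way that is arranged is exactly what Fratric's bug turns on.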

The text above is a summary; you can read the full article here.