Microsoft ChakraCore and Edge Remote Code Execution Vulnerability (CNVD-2020-20376)

Microsoft ChakraCore and Microsoft Edge are both products of Microsoft Corporation.ChakraCore is the core of an open-source Chakra JavaScript scripting engine used in the Edge browser, and is also available as a standalone JavaScript engine. Microsoft Edge is a web browser that comes with Windows...

Microsoft ChakraCore and Edge Remote Code Execution Vulnerability (CNVD-2020-20375)

Microsoft ChakraCore and Microsoft Edge are both products of Microsoft Corporation.ChakraCore is the core of an open-source Chakra JavaScript scripting engine used in the Edge browser, and is also available as a standalone JavaScript engine. Microsoft Edge is a web browser that comes with Windows...

Microsoft ChakraCore and Edge Remote Code Execution Vulnerability (CNVD-2020-20369)

Microsoft ChakraCore and Microsoft Edge are both products of Microsoft Corporation.ChakraCore is the core of an open-source Chakra JavaScript scripting engine used in the Edge browser, and is also available as a standalone JavaScript engine. Microsoft Edge is a web browser that comes with Windows...

Microsoft ChakraCore and Edge Remote Code Execution Vulnerability (CNVD-2020-20368)

Microsoft ChakraCore and Microsoft Edge are both products of Microsoft Corporation.ChakraCore is the core of an open-source Chakra JavaScript scripting engine used in the Edge browser, and is also available as a standalone JavaScript engine. Microsoft Edge is a web browser that comes with Windows...

Microsoft Edge/Internet Explorer Information Leakage Vulnerability

Microsoft Edge and Microsoft Internet Explorer IE are both products of Microsoft Corporation.Microsoft Edge is a web browser that comes with Windows 10 and later.Microsoft Internet Explorer is a web browser that comes with Windows operating systems. Microsoft Edge is a web browser that comes with...

Microsoft Edge Security Bypass Vulnerability (CNVD-2019-42801)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge EdgeHTML-based, which arises from the program failing to properly handle extension requests and failing to request host privileges for...

Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2019-42800)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A scripting engine memory corruption vulnerability exists in Microsoft Edge based on EdgeHTML. The vulnerability stems from a problem in the way the scripting engine handles objects in...

Microsoft Edge Information Disclosure Vulnerability (CNVD-2019-42790)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. An information disclosure vulnerability exists in Microsoft Edge based on EdgeHTML, which arises from the program's failure to properly handle memory objects. An attacker could exploit th...

Microsoft Edge and Internet Explorer Spoofing Vulnerability

Microsoft Edge and Microsoft Internet Explorer IE are both products of Microsoft Corporation.Microsoft Edge is a web browser that comes with Windows 10 and later.Microsoft Internet Explorer is a web browser that comes with Windows operating systems. Microsoft Edge is a web browser that comes with...

Microsoft Internet Explorer and Microsoft Edge Security Feature Bypass Vulnerability

Microsoft Edge and Microsoft Internet Explorer IE are both products of Microsoft Corporation.Microsoft Edge is a web browser that comes with Windows 10 and later.Microsoft Internet Explorer is a web browser that comes with Windows operating systems. Microsoft Edge is a web browser that comes with...

Microsoft Edge Information Disclosure Vulnerability (CNVD-2019-42791)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. An information disclosure vulnerability exists in Microsoft Edge EdgeHTML-based, which arises from the program's failure to properly handle memory objects. An attacker could exploit the...

Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference

function f1 try var v1 = eventhandler1; catche var v2 = document.createElementNS"http://www.w3.org/2000/svg", “pattern”; v2.addEventListener"1", v1; var v3 = document.createElement“option”; var v4 = document.createElement“select”; v44 = v3;...

Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference Exploit

function f1 try var v1 = eventhandler1; catche var v2 = document.createElementNS"http://www.w3.org/2000/svg", “pattern”; v2.addEventListener"1", v1; var v3 = document.createElement“option”; var v4 = document.createElement“select”; v44 = v3;...

Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference

Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference function f1 try var v1 = eventhandler1; catche var v2 = document.createElementNS"http://www.w3.org/2000/svg", “pattern”; v2.addEventListener"1", v1; var v3 = document.createElement“option”; var v4 = document.createElement“select”; v44 = v3;...

Microsoft Edge 42.17134.1.0 - Tree::ANode::DocumentLayout Denial of Service

Microsoft Edge 42.17134.1.0 - Tree::ANode::DocumentLayout Denial of Service Exploit Title: Microsoft Edge edgehtml.dll!Tree::ANode::DocumentLayout. Denial of Service PoC Google Dork: N/A Date: 2018-11-11 Exploit Author: Bogdan Kurinnoy [email protected] Vendor Homepage:...

Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service

Exploit Title: Microsoft Edge edgehtml.dll!Tree::ANode::DocumentLayout. Denial of Service PoC Google Dork: N/A Date: 2018-11-11 Exploit Author: Bogdan Kurinnoy [email protected] Vendor Homepage: https://www.microsoft.com/ Version: Microsoft Edge 42.17134.1.0 Microsoft EdgeHTML 17.17134 Tested...

Microsoft building Chrome-based browser to replace Edge on Windows 10

It is no secret how miserably Microsoft's 3-year-old Edge web browser has failed to compete against Google Chrome despite substantial investment and continuous improvements. According to the latest round of tech rumors, Microsoft has given up on Edge and reportedly building a new Chromium -based...

Microsoft Edge Chakra InitializeNumberFormat / InitializeDateTimeFormat Type Confusion

Microsoft Edge: Chakra: Bugs in InitializeNumberFormat and InitializeDateTimeFormat CVE-2018-8298 The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of eac...

Microsoft Edge: Memory corruption with Object.setPrototypeOf(CVE-2017-8751)

I accidentally found this while trying to reproduce another bug in Edge. Failed to reproduce on Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393. Tested on Microsoft Edge 40.15063.0.0, Microsoft EdgeHTML 15.15063 Insider Preview. Crash Log: First chance exceptions are reported before a...

Microsoft Edge: Out-of-bounds read in CInputDateTimeScrollerElement::_SelectValueInternal(CVE-2017-8644)

The vulnerability has been confirmed on Windows 10 Enterprise 64-bit OS version 1607, OS build 14393.1198 and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393. PoC: ========================================== input:focus transform: scale10; =========================================...