CVE-2019-15758

An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js...

November 2, 2017—KB4049370 (OS Build 15063.675)

November 2, 2017—KB4049370 OS Build 15063.675 Improvements and fixes This release is intended for Microsoft Surface Laptop audiences only. This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where...

Remote Code Execution (RCE)

Microsoft.ChakraCore is vulnerable to remote code execution RCE attacks. The vulnerability exists due to the lack of array guards used in the asmjs on x86, allowing RCE attacks...

Microsoft Edge: Chakra: InterpreterStackFrame::ProcessLinkFailedAsmJsModule incorrectly re-parses(CVE-2017-8645)

When Chakra fails to link an asmjs module, it tries to re-parse the failed-to-link asmjs function to treat it as a normal javascript function. But it incorrectly handles the case where the function is a class. It starts to parse from the start of the class declaration instead of the constructor. ...

Microsoft Edge Charka Failed Re-Parse

Microsoft Edge: Chakra: InterpreterStackFrame::ProcessLinkFailedAsmJsModule incorrectly re-parses CVE-2017-8645 When Chakra fails to link an asmjs module, it tries to re-parse the failed-to-link asmjs function to treat it as a normal javascript function. But it incorrectly handles the case where...