Microsoft Edge Memory Corruption Vulnerability (CNVD-2016-04193)

Microsoft Edge is a browser that comes with win10. A memory corruption vulnerability exists in the way the Chakra JavaScript engine used by Microsoft Edge is rendered, allowing remote attackers to exploit the vulnerability to build special WEB pages that users are tricked into parsing, which can...

Microsoft Internet Explorer 11 Garbage Collector Attribute Type Confusion

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion ============================================================================ This information is available in an easier to read format on my blog at http://blog.skylined.nl/ With MS16-063 Microsoft has patched...

CVE-2016-3205

The Microsoft 1 JScript 5.8 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...

CVE-2016-3214

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199...

CVE-2016-3199

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3214...

CVE-2016-3214

The CVE-2016-3214 entry concerns the Chakra JavaScript engine used by Microsoft Edge. The provided documents describe a memory corruption vulnerability in Chakra that can be triggered by a crafted web site, enabling remote code execution or a denial of service. The connected advisories and CVE re...

CVE-2016-3199

The Chakra JavaScript engine in Microsoft Edge is affected by CVE-2016-3199, described as a memory corruption vulnerability triggered by a crafted web site that can lead to remote code execution or a denial of service. Connected advisories (GHSA-VFJW-CRCQ-Q92V and GHSA-538H-6RV2-WMJ3) reference a...

Microsoft Edge Chakra JavaScript Scripting Engine Memory Corruption Vulnerability (CNVD-2016-04074)

Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system.Chakra JavaScript engine is a JavaScript engine component used by Edge web browser. A memory vulnerability exists in the way the Chakra JavaScript engine used in...

MS16-068: Cumulative Security Update for Microsoft Edge (3163656)

The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3163656. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists due to a failure to properly validate specially crafted documents. An...

chromium-browser: out-of-bounds read in v8

The regexp aka regular expression implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service out-of-bounds read via crafted JavaScript code...

chromium-browser: heap overflow in v8

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...

UBUNTU-CVE-2016-1678

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...

DEBIAN-CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impa...

CVE-2016-0186

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0191 and CVE-2016-0193...

Memory corruption

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193...

CVE-2016-0186

CVE-2016-0186 affects the Microsoft Edge Chakra JavaScript Engine. The root cause is improper validation in Array.unshift/Array.shift, leading to memory corruption that can enable remote code execution or memory DoS via a crafted web page. The CVE is discussed alongside other Chakra vulnerabiliti...

CVE-2016-0191

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193...

CVE-2016-0191

CVE-2016-0191 concerns a memory corruption/remote code execution vulnerability in the Chakra JavaScript engine used by Microsoft Edge. The initial description states that a crafted website can trigger arbitrary code execution or a denial of service, but the connected documents do not supply concr...

Microsoft Chakra JavaScript Scripting Engine Memory Corruption Vulnerability (CNVD-2016-03020)

Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system.Chakra JScript engine is a JavaScript engine component used by IE and Edge web browser. A memory corruption vulnerability exists in the way the Microsoft Chakra...

Google Chrome Address Bar Forgery Vulnerability (CNVD-2016-02825)

Google Chrome is a popular web browser. Google Chrome V8 suffers from an address bar forgery vulnerability that allows remote attackers to exploit the vulnerability to build malicious WEB pages, trick users into parsing them, and spoof the address bar...