Microsoft Edge Chakra JIT Op_MaxInAnArray / Op_MinInAnArray Misuse
Microsoft Edge: Chakra: JIT: OpMaxInAnArray and OpMinInAnArray can explicitly call user defined JavaScript functions CVE-2017-11893 1. Call patterns like "Math.max.applyMath, 1, 2, 3, 4, 5" and "Math.max.applyMath, arr" can be optimized to directly call the method "JavascriptMath::MaxInAnArray" i...