CVE-2019-0592

The Chakra scripting engine in Microsoft Edge is affected by a memory corruption vulnerability, identified as CVE-2019-0592. The issue lies in how the engine handles objects in memory, which can be exploited to trigger a remote code execution condition [1][2].

An attacker would host a specially crafted website (or leverage a compromised site) that contains malicious content targeting the vulnerability. If a user visits such a site via Microsoft Edge, the attacker could potentially execute arbitrary code on the victim's system. No special user interaction beyond normal browsing is required [1][2].

Successful exploitation could grant the attacker the same user rights as the current user. If the user is logged in with administrative privileges, the attacker could then install programs, view, change, or delete data, or create new accounts with full user rights [1].

Microsoft addressed this vulnerability in a security update, releasing patched versions of ChakraCore (1.11.7 and later) [2]. Users should ensure Edge and ChakraCore are updated to the latest versions to mitigate the risk.