High severityNVD Advisory· Published Apr 8, 2019· Updated Aug 4, 2024

CVE-2019-0611

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0592.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A remote code execution vulnerability in Microsoft Edge's Chakra scripting engine due to memory corruption in object handling.

Vulnerability

CVE-2019-0611 is a remote code execution vulnerability in the Chakra scripting engine used by Microsoft Edge. The bug arises from how the engine handles objects in memory, leading to memory corruption [1].

Exploitation

An attacker could host a specially crafted website designed to trigger the memory corruption when visited with Microsoft Edge. No special privileges are required; the victim simply needs to view the malicious page, which can be done via email or instant messaging lures [2].

Impact

Successful exploitation grants the attacker the same user rights as the current user. If the user has elevated privileges, the attacker could gain full control, including installing programs, viewing or changing data, or creating new accounts [2].

Mitigation

Microsoft released a security update as part of the April 2019 Patch Tuesday, fixing the issue in ChakraCore versions 1.11.7 and later. Users should apply the update to Microsoft Edge and any applications using ChakraCore [2].

References

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Microsoft.ChakraCoreNuGet	< 1.11.7	1.11.7

Affected products

Microsoft/Chakrallm-fuzzy
ghsa-coords
pkg:nuget/microsoft.chakracore
Range: < 1.11.7
Microsoft/Chakracorecpe-rescue
Range: unspecified
Microsoft/Edgecpe-rescue
Range: Windows 10 Version 1703 for 32-bit Systems

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-7ph8-f946-q5r7ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-0611ghsaADVISORY
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0611ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000