High severityNVD Advisory· Published Apr 9, 2019· Updated Aug 4, 2024

CVE-2019-0810

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2019-0810 is a remote code execution vulnerability in the Chakra scripting engine (Microsoft Edge) due to a type confusion during JIT object reoptimization.

Vulnerability

Overview CVE-2019-0810 is a remote code execution vulnerability in the Chakra scripting engine that affects Microsoft Edge. The root cause is a memory corruption issue that occurs when the engine improperly handles objects in memory. Specifically, as detailed in the ZDI advisory (ZDI-19-361), the flaw lies in the handling of reoptimization of JavaScript objects within the JIT compiler. By performing specific JavaScript actions, an attacker can trigger a type confusion condition [1][4].

Exploitation

Scenario Exploitation requires user interaction: the target must visit a malicious webpage or open a malicious file that triggers the vulnerable code path. No additional authentication or privileges are needed on the target system beyond visiting the crafted content. The attack is network-based (AV:N) with low attack complexity (AC:L) and no privileges required (PR:N) [4].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the current process, typically running with the same privileges as the user (e.g., in Microsoft Edge's renderer process). The CVSS v3.0 score is 8.8 with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) [4].

Mitigation

Status Microsoft released a security update on April 9, 2019, to address this vulnerability, and the fix was integrated into the ChakraCore repository (Pull Request #6087) [1]. Users should apply the latest Microsoft Edge or ChakraCore updates. According to the ChakraCore project README, security updates for ChakraCore 1.11 continued until March 9, 2021, but the project is no longer actively maintained for future versions [3].

References

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Microsoft.ChakraCoreNuGet	< 1.11.8	1.11.8

Affected products

Microsoft/Chakrallm-fuzzy
Microsoft/Microsoft Edgellm-fuzzy
ghsa-coords
pkg:nuget/microsoft.chakracore
Range: < 1.11.8
Microsoft/Chakracorecpe-rescue
Range: unspecified
Microsoft/Edgecpe-rescue
Range: Windows 10 for 32-bit Systems

Patches

35ee5053bfc3

CVE-2019-0810 Type Confusion with DeleteElemI_A & DeleteElemIStrict_A - 360Vulcan

https://github.com/chakra-core/ChakraCoreMeghana GuptaMar 12, 2019via ghsa

commit

1 file changed · +10 −3

lib/Backend/GlobOptFields.cpp+10 −3 modified

@@ -237,10 +237,17 @@ GlobOpt::KillLiveElems(IR::IndirOpnd * indirOpnd, BVSparse<JitArenaAllocator> *
         this->KillAllFields(bv); // This also kills all property type values, as the same bit-vector tracks those stack syms
         SetAnyPropertyMayBeWrittenTo();
     }
-    else if (inGlobOpt && indexOpnd && !indexOpnd->GetValueType().IsInt() && !currentBlock->globOptData.IsInt32TypeSpecialized(indexOpnd->m_sym))
+    else if (inGlobOpt)
     {
-        // Write/delete to a non-integer numeric index can't alias a name on the RHS of a dot, but it change object layout
-        this->KillAllObjectTypes(bv);
+        Value * indexValue = indexOpnd ? this->currentBlock->globOptData.FindValue(indexOpnd->GetSym()) : nullptr;
+        ValueInfo * indexValueInfo = indexValue ? indexValue->GetValueInfo() : nullptr;
+        int indexLowerBound = 0;
+
+        if (indirOpnd->GetOffset() < 0 || (indexOpnd && (!indexValueInfo || !indexValueInfo->TryGetIntConstantLowerBound(&indexLowerBound, false) || indexLowerBound < 0)))
+        {
+            // Write/delete to a non-integer numeric index can't alias a name on the RHS of a dot, but it change object layout
+            this->KillAllObjectTypes(bv);
+        }
     }
 }

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-2mmc-5phj-4wjjghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-0810ghsaADVISORY
github.com/chakra-core/ChakraCore/commit/35ee5053bfc3186da193b9cd85e9a5916580bf80ghsaWEB
github.com/chakra-core/ChakraCore/pull/6087ghsaWEB
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0810ghsax_refsource_MISCWEB
www.zerodayinitiative.com/advisories/ZDI-19-361ghsaWEB
www.zerodayinitiative.com/advisories/ZDI-19-361/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.011
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000