CVE-2019-0829
Description
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0860, CVE-2019-0861.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote code execution vulnerability in the Chakra scripting engine, caused by memory corruption and exploitable through a specially crafted website opened in Microsoft Edge.
Vulnerability Details
CVE-2019-0829 is a remote code execution vulnerability in the Chakra scripting engine used by Microsoft Edge. The root cause is a type confusion in the JIT compiler due to missing implicit call flags when handling property accesses. The commit [4] shows the fix: adding ImplicitCall_Accessor flags to ensure proper type safety. The NVD entry [2] describes it as a memory corruption vulnerability.
Attack Vector
To exploit this vulnerability, an attacker would host a specially crafted website that triggers the memory corruption via Chakra's object handling. The user must visit the malicious site using Microsoft Edge. No additional authentication or privileges are needed, as the vulnerability is in the browser's script engine.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, or manipulate data. The vulnerability is rated high severity.
Mitigation
Microsoft released a security update in April 2019 that patches this issue in Edge and ChakraCore [1]. The ChakraCore project is now community-maintained and will continue to receive security updates for version 1.11 until March 2021 [3]. Users should apply the latest updates to mitigate this and other related vulnerabilities [2].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Microsoft.ChakraCore (NuGet) | < 1.11.8 | 1.11.8 |
Affected products (5)
- Range: unspecified
Patches (1)
b03a96112fb0: CVE-2019-0829 Edge - Chakra JIT Type Confusion (case38) -
1 file changed · +4 −0
lib/Runtime/Library/JavascriptRegExpConstructor.cpp+4 −0 modified@@ -360,6 +360,10 @@ namespace Js EnsureValues(); // The last match info relies on the last input. Use it before it is changed. this->lastInput = tempInput; } + + // Set implicit call flags since we are not necessarily making the original stored value available on re-load + // and are killing the store that backs two exposed properties. + this->GetScriptContext()->GetThreadContext()->AddImplicitCallFlags(ImplicitCall_Accessor); *result = true; return true; case PropertyIds::lastMatch:
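Review bot: the new comment above AddImplicitCallFlags(ImplicitCall_Accessor) refers to "two exposed properties" without naming them, so a later reader cannot tell which property loads this flag protects; name both properties in the comment. The call also sits after the closing brace of the block that assigns this->lastInput, so it runs on every pass through this case before *result = true, whether or not that block executed; confirm that is intended and state it in the comment. The change touches one file (+4 −0) and carries no regression test, so a test that exercises this case under the JIT should accompany it.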
References (5)
- github.com/advisories/GHSA-5rq3-9wc9-m9c3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-0829 (ghsa, ADVISORY)
- github.com/chakra-core/ChakraCore/commit/b03a96112fb05158a040caba88919cd70648f09f (ghsa, WEB)
- github.com/chakra-core/ChakraCore/pull/6087 (ghsa, WEB)
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0829 (ghsa, x_refsource_MISC, WEB)