VYPR
← All advisories
High severityNVD Advisory· Published Apr 9, 2019· Updated Aug 4, 2024

CVE-2019-0860

CVE-2019-0860

Description

CVE-2019-0860 is a remote code execution vulnerability in Microsoft Edge's Chakra scripting engine due to memory corruption when handling objects in memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2019-0860 is a remote code execution vulnerability in Microsoft Edge's Chakra scripting engine due to memory corruption when handling objects in memory.

Vulnerability

Overview

CVE-2019-0860 is a remote code execution vulnerability in the Chakra scripting engine used by Microsoft Edge. The issue arises from how the engine handles objects in memory, leading to memory corruption [3]. This type of flaw can be triggered when a user visits a specially crafted webpage using Edge, allowing an attacker to exploit the memory corruption to gain code execution in the context of the current user [1][3]. The vulnerability was discovered by Su Young Lee of the Web Security and Privacy Lab at KAIST [2].

Exploitation

Characteristics

Exploitation of this vulnerability requires no authentication and can be performed remotely [2]. The attack vector is via a malicious website that leverages the memory corruption in Chakra. The vulnerability affects Microsoft Edge on various Windows 10 versions, including x86 and x64-based systems [2]. The successful exploitation does not depend on any special user privileges beyond browsing to the malicious site.

Impact and

Mitigation

If successfully exploited, an attacker can execute arbitrary code on the target system with the same rights as the user running Edge. This could lead to full compromise of the affected system, including installation of programs, data manipulation, or creation of new accounts [3]. Microsoft addressed this vulnerability in the April 2019 security update for Edge and ChakraCore. The ChakraCore open-source project also received a corresponding fix via pull request #6087 [1]. It is recommended that users apply the latest updates from Microsoft to mitigate this risk.

References
  1. April servicing update for ChakraCore by akroshg · Pull Request #6087 · chakra-core/ChakraCore
  2. Microsoft Edge Chakra Scripting Engine CVE-2019-0860 Remote Memory Corruption Vulnerability
  3. NVD - CVE-2019-0860

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.ChakraCoreNuGet
< 1.11.81.11.8

Affected products

3

Patches

1
9a9ece61b560

CVE-2019-0860 [ChakraCore] - possible Security Issue - Individual

https://github.com/chakra-core/ChakraCorePaul LeathersMar 20, 2019via ghsa
commit
2 files changed · +7 3
  • lib/Backend/GlobOpt.cpp+5 1 modified
    @@ -3258,10 +3258,14 @@ GlobOpt::OptSrc(IR::Opnd *opnd, IR::Instr * *pInstr, Value **indirIndexValRef, I
         }
         originalPropertySym = sym->AsPropertySym();
 
-        // Dont give a vale to 'arguments' property sym to prevent field copy prop of 'arguments'
+        // Don't give a value to 'arguments' property sym to prevent field copy prop of 'arguments'
         if (originalPropertySym->AsPropertySym()->m_propertyId == Js::PropertyIds::arguments &&
             originalPropertySym->AsPropertySym()->m_fieldKind == PropertyKindData)
         {
+            if (opnd->AsSymOpnd()->IsPropertySymOpnd())
+            {
+                this->FinishOptPropOp(instr, opnd->AsPropertySymOpnd());
+            }
             return nullptr;
         }
  • lib/Backend/Lower.cpp+2 2 modified
    @@ -6223,7 +6223,7 @@ Lowerer::GenerateLdFldWithCachedType(IR::Instr * instrLdFld, bool* continueAsHel
 
     // Load the value from the slot, getting the slot ID from the cache.
     uint16 index = propertySymOpnd->GetSlotIndex();
-    Assert(index != -1);
+    AssertOrFailFast(index != (uint16)-1);
 
     if (opndSlotArray->IsRegOpnd())
     {
@@ -7204,7 +7204,7 @@ Lowerer::GenerateDirectFieldStore(IR::Instr* instrStFld, IR::PropertySymOpnd* pr
 
     // Store the value to the slot, getting the slot index from the cache.
     uint16 index = propertySymOpnd->GetSlotIndex();
-    Assert(index != -1);
+    AssertOrFailFast(index != (uint16)-1);
 
 #if defined(RECYCLER_WRITE_BARRIER_JIT) && (defined(_M_IX86) || defined(_M_AMD64))
     if (opndSlotArray->IsRegOpnd())

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7

News mentions

0

No linked articles in our index yet.