The Chakra JavaScript scripting engine in Microsoft Edge allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft edge |
Thankfully most users are patched
Authors of the Sundown exploit kit have integrated a since patched and limited Microsoft Edge vulnerability from a security firm's public proof-of-concept. The addition of the twin bugs (CVE-2016-7200 and CVE-2016-7201) means unpactched users of one of the world's most unpopular web browsers are likely to be targeted by a wide cross-section of malware writers. It is no cause for high concern for most Windows users: the Edge browser by default applies patches automatically meaning fewer users wou...