Microsoft Edge Vulnerability Could Allow Remote Code Execution

A researcher published exploit code that could be used against a memory corruption vulnerability affecting the JavaScript engine, ChakraCore, in the Microsoft Edge browser. Successful exploitation of the vulnerability could allow a remote threat actor to execute code with the same privileges as the logged in user, possibly allowing them to install programs; view, change, or delete data; or create new users with elevated privileges. Threat actors could convince vulnerable users to visit a website specially crafted to exploit the Edge flaw to gain user rights. The NJCCIC recommends users and administrators of vulnerable Microsoft Edge browsers update their browser to the most current version and review the phoenhex team research and Microsoft’s advisory for more information.

AdvisoryNJCCICMicrosoft, edge