A vulnerability in the Microsoft ChakraCore scripting engine in Microsoft Edge could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to improper memory operations that are performed by the affected software. An attacker could exploit the vulnerability by persuading a user to access a link or file that submits malicious input to the affected software on a targeted system. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the targeted system. If the user has elevated privileges, the attacker could compromise the system completely.
Microsoft has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium