Microsoft patched a bevy of critical bugs impacting its Edge browser that could allow an attacker to hijack a targeted PC simply by steering a victim to a rigged website harboring specially crafted exploit code. In all, Microsoft tackled four critical Edge vulnerabilities, part of the company’s first 2019 round of Patch Tuesday bug fixes.
Each of the browser bugs are memory corruption vulnerabilities. Three (
CVE-2019-0539,
CVE-2019-0568,
CVE-2019-0567) are tied to Microsoft’s own JavaScript engine called Chakra Scripting Engine. The fourth (
CVE-2019-0565) is a remote code execution vulnerability that exists when Edge improperly accesses objects in memory, according to Microsoft.
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks