CVE-2019-1196— Chakra Scripting Engine Memory Corruption Vulnerability

CVSS 4.2 · Medium EPSS 1.33% · P80 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-1196

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Chakra Scripting Engine Memory Corruption Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Edge和ChakraCore 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft ChakraCore和Microsoft Edge都是美国微软（Microsoft）公司的产品。ChakraCore是使用在Edge浏览器中的一个开源的ChakraJavaScript脚本引擎的核心部分，也可作为单独的JavaScript引擎使用。Microsoft Edge是一款Windows 10之后版本系统附带的Web浏览器。 Microsoft Edge和ChakraCore中存在远程代码执行漏洞。攻击者可利用该漏洞在当前用户的上下文中执行任意代码，损坏内存。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Microsoft	ChakraCore	0 ~ publication	`cpe:2.3:a:microsoft:chakracore::::::::`
Microsoft	Microsoft Edge (EdgeHTML-based)	1.0..0 ~ publication	`cpe:2.3:a:microsoft:edge:-:::::::*`

II. Public POCs for CVE-2019-1196

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-1196

请登录查看更多情报信息。

Same Patch Batch · Microsoft · 2019-08-14 · 88 CVEs total

CVE-2019-1226	9.8 CRITICAL	Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-1222	9.8 CRITICAL	Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-0736	9.8 CRITICAL	Windows DHCP Client Remote Code Execution Vulnerability
CVE-2019-1213	9.8 CRITICAL	Windows DHCP Server Remote Code Execution Vulnerability
CVE-2019-1182	9.8 CRITICAL	Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-1212	9.8 CRITICAL	Windows DHCP Server Denial of Service Vulnerability
CVE-2019-1181	9.8 CRITICAL	Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-1152	8.8 HIGH	Microsoft Graphics Remote Code Execution Vulnerability
CVE-2019-1149	8.8 HIGH	Microsoft Graphics Remote Code Execution Vulnerability
CVE-2019-1150	8.8 HIGH	Microsoft Graphics Remote Code Execution Vulnerability
CVE-2019-1151	8.8 HIGH	Microsoft Graphics Remote Code Execution Vulnerability
CVE-2019-1145	8.8 HIGH	Microsoft Graphics Remote Code Execution Vulnerability
CVE-2019-1144	8.8 HIGH	Microsoft Graphics Remote Code Execution Vulnerability
CVE-2019-1140	8.8 HIGH	Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-0720	8.0 HIGH	Hyper-V Remote Code Execution Vulnerability
CVE-2019-1170	7.9 HIGH	Windows NTFS Elevation of Privilege Vulnerability
CVE-2019-1156	7.8 HIGH	Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-1164	7.8 HIGH	Windows Kernel Elevation of Privilege Vulnerability
CVE-2019-1157	7.8 HIGH	Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-1155	7.8 HIGH	Jet Database Engine Remote Code Execution Vulnerability

Showing top 20 of 88 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: ChakraCore

Same vendor: Microsoft

V. Comments for CVE-2019-1196

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-1196— Chakra Scripting Engine Memory Corruption Vulnerability

I. Basic Information for CVE-2019-1196

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-1196

III. Intelligence Information for CVE-2019-1196

Same Patch Batch · Microsoft · 2019-08-14 · 88 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2019-1196

Leave a comment