Zhen Feng

Researcher fromKeenLab, Tencent
#10747of 53,635
25.7Total CVSS
Vulnerabilities · 3
High
3
PT-2019-5059
9.3
2019-11-25
Google · Google Chrome · CVE-2019-13735
**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to an out of bounds write in JavaScript, which can be exploited by a remote attacker using a specially crafted HTML page. This could allow the attacker to execute arbitrary code inside a sandbox, potentially leading to unauthorized access to protected information and disruption of its integrity and availability. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted HTML pages to minimize the risk of exploitation.
PT-2016-1989
7.6
2016-05-10
Microsoft · Chakra Javascript Engine · CVE-2016-0193
**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is caused by a buffer overflow in the Chakra JavaScript engine of Microsoft Edge. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted website. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2016-2099
8.8
2016-03-29
Apple · Safari · CVE-2016-1857
**Name of the Vulnerable Software and Affected Versions** Apple Safari (affected versions not specified) iOS (affected versions not specified) **Description** The issue is caused by a buffer overflow in the WebKit component. It may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted website. The vulnerability can be exploited through a remote code execution in Apple Safari, related to a use-after-free issue in the ArrayStorage DFG Optimization. **Recommendations** For Apple Safari, consider restricting access to potentially vulnerable websites until a patch is available. For iOS, as a temporary workaround, consider disabling the WebKit-related functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.