Chakra: Type Confusion Vulnerability – CVE-2016-7201

Introduction: Last year in the month of September, the Project Zero team from Google disclosed vulnerabilities in the Microsoft JavaScript engine Chakra. CVE-2016-7200 and CVE-2016-7201 are two such bugs that caught the limelight. Even though it’s an old bug it is worth discussing their specifics. Both of these vulnerabilities went from PoC of vulnerability to … Continue reading “Chakra: Type Confusion Vulnerability – CVE-2016-7201”

Sundown Exploit Kit Attacking Microsoft Edge Browser

The Sundown Exploit Kit that first came to light in mid 2016, appears to be under aggressive development. The exploit-kit is actively attacking the Edge Browser from Microsoft shipped with Windows 10. Specifically, the exploit-kit is targeting CVE-2016-7200 and CVE-2016-7201 which Microsoft fixed with update MS16-129, released on Patch Tuesday in the month of November. The vulnerability … Continue reading “Sundown Exploit Kit Attacking Microsoft Edge Browser”