The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.”
docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063
docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068
github.com/chakra-core/ChakraCore
github.com/chakra-core/ChakraCore/commit/ff9067ebe9e1c92eff4e25da95070bfd5942da07
nvd.nist.gov/vuln/detail/CVE-2016-3202
web.archive.org/web/20211129115034/www.securitytracker.com/id/1036099
web.archive.org/web/20211208124350/www.securitytracker.com/id/1036096