Question

Security researchers recently discovered a flaw in the Chakra JavaScript scripting engine in Microsoft's Edge browser that could allow remote execution or denial of service via a specifically crafted website.

The CVSS 3.0 score for this vulnerability reads:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What is the attack vector and the impact to integrity based on this rating?

A. System, 9, 8
B. Browser, High
C. Network, High
D. None, High

Answer 1

The attack vector for the vulnerability in Microsoft's Edge browser is Network, indicating remote exploitability, and the impact to integrity is High, suggesting data or system files could be compromised.

Step-by-step explanation:

The attack vector and the impact to integrity, based on the provided CVSS 3.0 score for the vulnerability in the Chakra JavaScript engine, can be determined by examining the score's components. The score string is CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

The 'AV' stands for Attack Vector. In this case, it is 'N' which means Network. This tells us that the vulnerability can be exploited through the network which typically means that the attacker can exploit it remotely over the internet.

The 'I' stands for Integrity. In this rating, the impact on integrity is 'H' which stands for High. This indicates that the flaw in the browser's JavaScript engine could allow an attacker to alter system files, data, or both on a victim's system if the vulnerability is successfully exploited.

Hackers have a variety of methods such as breaking into websites or using crafted links to exploit such vulnerabilities, which can lead to remote execution or denial of service.