用户聊天时查看特定文本代码就会中毒:火绒通报腾讯 QQ NT 9.9.25.42744 ...

近日,火绒安全团队发现腾讯 QQ NT 9.9.25.42744 Windows 版本存在 JavaScript 注入漏洞,该漏洞可在有限的沙箱环境内执行 JavaScript 代码。攻击者利用该漏洞,只需在聊天框内(如群聊、好友聊天等)发送特定文本代码,用户在查看此特定文本代码时就会中毒。
Computerworld

Blocking JavaScript can stop some Windows malware

Email attachments are probably the most common mechanism for infecting a Windows computer. As potential victims get wise to the tried and true infection schemes, bad guys have a relatively new wrinkle ...
Visual Studio Magazine

Hosting JavaScript in a Windows 10 App

An introduction to the Chakra JavaScript engine and how it can be used within a Windows 10 app to execute JavaScript. Initially, the concept of executing JavaScript within a Universal Windows Platform ...