A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658