(CVE-2018-8495) Chaining a few bugs in Edge I was able to achieve remote code execution by mainly abusing custom URI schemes.

https://leucosite.com/Microsoft-Edge-RCE/