ChakraCore Security Bypass

GHSA-wg47-6cqc-q52j · CVE-2018-8276

Published May 13, 2022 · Modified Nov 30, 2024

Description

A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-8276
WEB https://github.com/chakra-core/ChakraCore/commit/4196f8097afdcc5fe01ce2966871712fb24003a3
PACKAGE https://github.com/chakra-core/ChakraCore
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276
WEB https://web.archive.org/web/20210124183457/http://www.securityfocus.com/bid/104626
WEB https://web.archive.org/web/20211202002348/http://www.securitytracker.com/id/1041256

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes