ChakraCore RCE Vulnerability

GHSA-67x3-36j7-pj4g · CVE-2018-8385

Published May 13, 2022 · Modified Feb 16, 2024

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-8385
WEB https://github.com/chakra-core/ChakraCore/pull/5596
WEB https://github.com/chakra-core/ChakraCore/commit/f00612bbc3657f1ec33a9e7d575c16a5489d06aa
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8385
WEB https://web.archive.org/web/20210124195607/http://www.securityfocus.com/bid/105039
WEB https://web.archive.org/web/20211203061111/http://www.securitytracker.com/id/1041457

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes