PT-2018-18523 · Microsoft · Chakracore+1

4B5F5F4B

Published

2018-07-10

Updated

2022-05-13

CVE-2018-8276

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Edge (affected versions not specified) ChakraCore (affected versions not specified)

Description A security feature bypass issue exists in the Microsoft Chakra scripting engine, allowing Control Flow Guard (CFG) to be bypassed. This issue does not enable arbitrary code execution on its own but can be used in conjunction with another vulnerability, such as a remote code execution issue, to achieve arbitrary code execution on a target system.

Recommendations For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For ChakraCore, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-8276

GHSA-WG47-6CQC-Q52J

Affected Products

Chakracore

Edge

PT-2018-18523 · Microsoft · Chakracore+1

CVE-2018-8276

Related Identifiers

Affected Products

References · 10