A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8290.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | lt | 1.10.1 |
github.com/advisories/GHSA-gxxx-j8m7-hh7m
github.com/chakra-core/ChakraCore/commit/7af07fdfb3cf3ac2b21dd71bf565ab1135e62d4d
github.com/chakra-core/ChakraCore/pull/5444
nvd.nist.gov/vuln/detail/CVE-2018-8294
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8294
web.archive.org/web/20210124183944/www.securityfocus.com/bid/104646
web.archive.org/web/20211202002348/www.securitytracker.com/id/1041256