Lucene search

GoogleOSV:GHSA-VR4J-GJ8Q-M89V

HistoryMay 14, 2022 - 2:22 a.m.

ChakraCore RCE Vulnerability

2022-05-1402:22:46

Google

osv.dev

8.1 High

AI Score

Confidence

Low

0.915 High

EPSS

Percentile

98.9%

JSON

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka “Scripting Engine Remote Code Execution Vulnerability.”

CPENameOperatorVersion
microsoft.chakracoreeq1.2.0

CPE	Name	Operator	Version
	microsoft.chakracore	eq	1.2.0

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119

github.com/chakra-core/ChakraCore

github.com/chakra-core/ChakraCore/commit/f05c42e64c3b2d057ae1a52fe1917af26c9f2737

github.com/chakra-core/ChakraCore/pull/1737

nvd.nist.gov/vuln/detail/CVE-2016-7189

web.archive.org/web/20210123174832/www.securityfocus.com/bid/93427

web.archive.org/web/20211208062350/www.securitytracker.com/id/1036993