CVE-2018-8276 — Microsoft Chakracore vulnerability

7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

19.8%

top 4.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Chakracore Microsoft Edge

Timeline

PublishedJul 11

Latest updateMay 13

Description

A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5microsoft/chakracoreChakraCore

▶CVEListV5microsoft/microsoft_edge6 versions+5

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

ChakraCore Security Bypass↗2022-05-13

▶

GHSA

ChakraCore Security Bypass↗2022-05-13

▶

CVEList

CVE-2018-8276: A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scri↗2018-07-11

▶

📋Vendor Advisories

Microsoft

Scripting Engine Security Feature Bypass Vulnerability↗2018-07-10

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - July 2018↗2018-07-10

▶

Talos

Microsoft Patch Tuesday - July 2018↗2018-07-10

▶