CVE-2018-0934

HIGH

Microsoft Edge and ChakraCore - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-0934. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a type confusion vulnerability in ChakraCore (CVE-2018-0934) by manipulating stack and heap arrays through the `Error` constructor to bypass a fix in `JavascriptArray::BoxStackInstance`. It achieves arbitrary memory read/write via type confusion between float and object arrays.

Description

ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Google Security Research · javascriptdoswindows
https://www.exploit-db.com/exploits/44397

This exploit leverages a type confusion vulnerability in ChakraCore (CVE-2018-0934) by manipulating stack and heap arrays through the `Error` constructor to bypass a fix in `JavascriptArray::BoxStackInstance`. It achieves arbitrary memory read/write via type confusion between float and object arrays.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft ChakraCore (Edge browser)
No auth needed
Prerequisites: Target must be running a vulnerable version of ChakraCore/Edge · JavaScript execution context (e.g., browser)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Google Security Research · javascriptdoswindows
https://www.exploit-db.com/exploits/44396

This PoC exploits a type confusion vulnerability in ChakraCore (CVE-2018-0934) by bypassing a stack allocation check to achieve arbitrary memory corruption. The exploit manipulates array storage to trigger a use-after-free condition.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Microsoft ChakraCore (Edge/IE JavaScript engine)
No auth needed
Prerequisites: Target must execute the JavaScript code in a vulnerable ChakraCore environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44397/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44396/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040507
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103275

Scores

CVSS v3 7.5
EPSS 0.8529
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-755 CWE-787
Status published
Products (3)
microsoft/chakracore < 1.8.2
microsoft/edge
nuget/Microsoft.ChakraCore 0 - 1.8.2NuGet
Published Mar 14, 2018
Tracked Since Feb 18, 2026