CVE-2018-8145

HIGH

ChakraCore < 1.8.3 - Memory Contents Exposure via Scripting Engine

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8145. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC exploits a memory corruption vulnerability in the Chakra JavaScript engine by triggering an out-of-bounds write via a crafted loop and array manipulation. The code attempts to crash the browser by writing to an invalid array index.

Description

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · javascriptdoswindows

https://www.exploit-db.com/exploits/45011

View Code ZIP pw:eip

This PoC exploits a memory corruption vulnerability in the Chakra JavaScript engine by triggering an out-of-bounds write via a crafted loop and array manipulation. The code attempts to crash the browser by writing to an invalid array index.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Racy

Target: Microsoft Edge (Chakra JavaScript engine)

No auth needed

Prerequisites: A vulnerable version of Microsoft Edge

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45011/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103986

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040844

Scores

CVSS v3 7.5

EPSS 0.7210

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-200

Status published

Products (5)

microsoft/chakracore < 1.8.3

microsoft/edge

microsoft/internet_explorer 10

microsoft/internet_explorer 11

nuget/Microsoft.ChakraCore 0 - 1.8.4NuGet

Published May 09, 2018

Tracked Since Feb 18, 2026