CVE-2018-8276
MEDIUMMicrosoft Edge and ChakraCore - Control Flow Guard Bypass via Scripting Engine
Title source: llmDescription
A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041256
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104626
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276
Scores
CVSS v3
6.5
EPSS
0.1583
EPSS Percentile
94.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
Status
published
Products (2)
microsoft/edge
nuget/Microsoft.ChakraCore
0 - 1.10.1NuGet
Published
Jul 11, 2018
Tracked Since
Feb 18, 2026