High severity7.5NVD Advisory· Published Aug 9, 2016· Updated May 6, 2026

CVE-2016-3296

Description

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Microsoft.ChakraCoreNuGet	<= 1.2.0	—

Affected products

Microsoft/Edge
cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
ghsa-coords
pkg:nuget/microsoft.chakracore
Range: <= 1.2.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-5ppx-g65v-4vfvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2016-3296ghsaADVISORY
docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-096nvdWEB
web.archive.org/web/20210116095719/http://www.securitytracker.com/id/1036569ghsaWEB
web.archive.org/web/20210123160236/http://www.securityfocus.com/bid/92283ghsaWEB
www.securityfocus.com/bid/92283nvd
www.securitytracker.com/id/1036569nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.012
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000