High severity · NVD Advisory · Published Feb 15, 2018 · Updated Sep 16, 2024

CVE-2018-0835

Description

Microsoft Edge and ChakraCore suffer from a scripting engine memory corruption vulnerability allowing remote code execution via crafted content.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A memory corruption vulnerability exists in the Chakra scripting engine, used by Microsoft Edge and ChakraCore, due to improper handling of objects in memory [1]. This flaw is present in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016, as well as in ChakraCore [1][2]. The vulnerability allows an attacker to corrupt memory in a way that can lead to code execution [1].

Exploitation

An attacker can exploit this vulnerability by hosting a specially crafted website (or by leveraging a compromised website that accepts or hosts user-provided content) and then convincing a user to view the site in Microsoft Edge [2]. No authentication or special privileges are required from the attacker beyond the ability to serve web content. The user interaction consists of simply visiting the malicious page [2]. The vulnerability is triggered when the scripting engine processes the crafted content, corrupting memory in a way that allows the attacker to control execution flow [1].

Impact

Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code on the target system within the context of the current user [1][2]. If the current user has administrative privileges, the attacker could take complete control of the affected system, including installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights [1]. If the user has fewer rights, the impact is limited accordingly [1].

Mitigation

Microsoft released a security update on February 13, 2018, to address this vulnerability across all supported versions of Windows 10 and Windows Server 2016 [2]. Users should apply the February 2018 security updates through Windows Update or the Microsoft Update Catalog to remediate the issue [2]. For ChakraCore, this vulnerability was fixed in the ChakraCore update that accompanied the February 2018 patch; Microsoft continued to provide security updates for the 1.11 branch until March 9, 2021 [4]. There is no known workaround other than applying the patch.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                        Affected versions   Patched versions
Microsoft.ChakraCore (NuGet)   < 1.8.1             1.8.1

Affected products

  • ghsa-coords
    Range: < 1.8.1
  • Microsoft Corporation/Microsoft Edge, ChakraCorev5
    Range: Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

Patches

d318150296e0

ChakraCore fix for servicing release 18-02B: CVE-2018-0835

https://github.com/chakra-core/ChakraCore · Rajat Dua · Jan 5, 2018 · via ghsa
1 file changed · +2 −32
  • lib/Runtime/Library/JavascriptArray.cpp  +2 −32  modified
    @@ -6878,38 +6878,8 @@ namespace Js
                     Js::Throw::FatalInternalError();
                 }
     
    -            // Maintain nativity of the array only for the following cases (To favor inplace conversions - keeps the conversion cost less):
    -            // -    int cases for X86 and
    -            // -    FloatArray for AMD64
    -            // We convert the entire array back and forth once here O(n), rather than doing the costly conversion down the call stack which is O(nlogn)
    -
    -#if defined(TARGET_64)
    -            if(compFn && JavascriptNativeFloatArray::Is(arr))
    -            {
    -                arr = JavascriptNativeFloatArray::ConvertToVarArray((JavascriptNativeFloatArray*)arr);
    -                JS_REENTRANT(jsReentLock, arr->Sort(compFn));
    -                arr = arr->ConvertToNativeArrayInPlace<JavascriptNativeFloatArray, double>(arr);
    -            }
    -            else
    -            {
    -                EnsureNonNativeArray(arr);
    -                JS_REENTRANT(jsReentLock, arr->Sort(compFn));
    -            }
    -#else
    -            if(compFn && JavascriptNativeIntArray::Is(arr))
    -            {
    -                //EnsureNonNativeArray(arr);
    -                arr = JavascriptNativeIntArray::ConvertToVarArray((JavascriptNativeIntArray*)arr);
    -                JS_REENTRANT(jsReentLock, arr->Sort(compFn));
    -                arr = arr->ConvertToNativeArrayInPlace<JavascriptNativeIntArray, int32>(arr);
    -            }
    -            else
    -            {
    -                EnsureNonNativeArray(arr);
    -                JS_REENTRANT(jsReentLock, arr->Sort(compFn));
    -            }
    -#endif
    -
    +            EnsureNonNativeArray(arr);
    +            JS_REENTRANT(jsReentLock, arr->Sort(compFn));
             }
             else
             {
    
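Review bot: the deleted block takes its explanatory comment with it, but nothing in the two surviving lines says why the in-place native-array path was dropped; add a short comment above `EnsureNonNativeArray(arr);` stating that `JS_REENTRANT(jsReentLock, arr->Sort(compFn))` re-enters script through the caller-supplied comparator, so converting the result back with `ConvertToNativeArrayInPlace` after that call is no longer attempted and the O(n) conversion cost the removed comment was avoiding is now accepted deliberately. Without that note the next reader may reinstate the fast path as a performance improvement. Removing the already commented-out `//EnsureNonNativeArray(arr);` line alongside it is fine, since it was dead text.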

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
