VYPR
High severity · NVD Advisory · Published May 9, 2018 · Updated Aug 5, 2024

CVE-2018-0945

Description

A remote code execution vulnerability in Microsoft Edge's Chakra scripting engine due to memory corruption when handling objects in memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2018-0945 is a remote code execution vulnerability in the scripting engine (Chakra) used by Microsoft Edge and ChakraCore [1][2]. The bug manifests as a memory corruption issue when the scripting engine handles objects in memory, allowing an attacker who successfully exploits it to execute arbitrary code in the context of the current user [3]. Affected software includes Microsoft Edge on all supported Windows 10 versions as well as ChakraCore [1][2].

Exploitation

An attacker can exploit this vulnerability by hosting a specially crafted website (or by compromising a website that accepts user content) and then persuading a user to visit that site using an affected browser [3]. No special privileges or local access are required; the attack is remote and does not require user interaction beyond normal browsing [2]. The scripting engine's failure to properly handle exceptional conditions leads to memory corruption that can be weaponized [2].

Impact

Successful exploitation allows an attacker to execute arbitrary code with the same rights as the current user [3]. If the user is logged on with administrative privileges, the attacker could install programs, view, change, or delete data, or create new accounts with full user rights [3]. The vulnerability is classified as remote code execution, with a CVSS base score that reflects high impact on confidentiality, integrity, and availability [3].

Mitigation

Microsoft released a security update for this vulnerability on May 8, 2018, as part of the May 2018 Patch Tuesday [3]. Users should apply the latest cumulative update for Microsoft Edge and Windows 10. For ChakraCore, Microsoft provided security updates up to version 1.11, with support ending on March 9, 2021 [4]. No workarounds are documented; the only mitigation is to install the vendor-supplied patches [2][3].

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
Microsoft.ChakraCore (NuGet) | < 1.8.4 | 1.8.4
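
To act on the version boundary in the table above, a build or audit step can look for Microsoft.ChakraCore references below 1.8.4 in project files. This is an added example, not part of the advisory or of ChakraCore; the sample inputs are constructed, and the function names and the "review" status for ranges and pre-release versions are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "microsoft.chakracore"  # NuGet package IDs are case-insensitive
PATCHED = (1, 8, 4, 0)            # first patched version from the table above

# Constructed sample inputs (not taken from any real project).
CSPROJ_SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.ChakraCore" Version="1.8.3" />
    <PackageReference Include="microsoft.chakracore" Version="[1.7,2.0)" />
    <PackageReference Include="Example.Other" Version="1.0.0" />
  </ItemGroup>
</Project>"""
PACKAGES_CONFIG_SAMPLE = """<packages>
  <package id="Microsoft.ChakraCore" version="1.8.4" targetFramework="net472" />
</packages>"""


def parse_version(text):
    """Numeric 4-tuple for a plain release version; None for ranges, wildcards, pre-releases."""
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text.strip()):
        return None
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix, if present


def find_chakracore(xml_text):
    """Return [(version_string, status)] for each Microsoft.ChakraCore reference."""
    results = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "PackageReference":      # SDK-style project file
            name = el.get("Include") or el.get("Update")
            version = el.get("Version") or next(
                (c.text for c in el if local(c.tag) == "Version"), None)
        elif local(el.tag) == "package":             # legacy packages.config
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if (name or "").lower() != PACKAGE:
            continue
        parsed = parse_version(version or "")
        # "review": the pinned version cannot be decided from this file alone
        status = "review" if parsed is None else "vulnerable" if parsed < PATCHED else "patched"
        results.append((version, status))
    return results
```

A "review" result means the resolved version has to be read from the restore output or lock file, since a range or centrally managed version does not pin one in the project file.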

Affected products

3

Patches

1
87f33674726c

[CVE-2018-0945] Chakra - Crashing on a null deref - Individual

https://github.com/chakra-core/ChakraCore · Meghana Gupta · Apr 11, 2018 · via ghsa
1 file changed · +21 -0
  • lib/Runtime/Language/JavascriptExceptionOperators.cpp · +21 -0 · modified
    @@ -199,6 +199,13 @@ namespace Js
                         WalkStackForCleaningUpInlineeInfo(scriptContext, nullptr /* start stackwalk from the current frame */, scriptContext->GetThreadContext()->GetTryCatchFrameAddr());
                     }
                 }
    +            else
    +            {
    +                if (exception->GetExceptionContext() && exception->GetExceptionContext()->ThrowingFunction())
    +                {
    +                     WalkStackForCleaningUpInlineeInfo(scriptContext, nullptr /* start stackwalk from the current frame */, frame);
    +                }
    +            }
     #endif
                 bool hasBailedOut = *(bool*)((char*)frame + hasBailedOutOffset); // stack offsets are negative
                 if (hasBailedOut)
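
Review bot: The added else branch carries no comment saying which case it covers or why the stack walk is bounded by frame here, when the branch just above it passes scriptContext->GetThreadContext()->GetTryCatchFrameAddr() as the last argument. A short comment stating when this path is taken and why the guard on GetExceptionContext()->ThrowingFunction() is required would let the fix be checked from the hunk alone. The WalkStackForCleaningUpInlineeInfo call in this hunk is also indented one space deeper than the same call in the two later hunks.
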
    @@ -371,6 +378,13 @@ namespace Js
                         WalkStackForCleaningUpInlineeInfo(scriptContext, nullptr /* start stackwalk from the current frame */, scriptContext->GetThreadContext()->GetTryCatchFrameAddr());
                     }
                 }
    +            else
    +            {
    +                if (exception->GetExceptionContext() && exception->GetExceptionContext()->ThrowingFunction())
    +                {
    +                    WalkStackForCleaningUpInlineeInfo(scriptContext, nullptr /* start stackwalk from the current frame */, framePtr);
    +                }
    +            }
     #endif
                 // Clone static exception object early in case finally block overwrites it
                 exception = exception->CloneIfStaticExceptionObject(scriptContext);
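
Review bot: The lone if nested inside the new else can be written as else if (exception->GetExceptionContext() && exception->GetExceptionContext()->ThrowingFunction()), which removes a nesting level without changing behaviour. GetExceptionContext() is evaluated twice in that condition; holding its result in a local would make the null check and the ThrowingFunction() call read as one guarded access.
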
    @@ -701,6 +715,13 @@ namespace Js
                         WalkStackForCleaningUpInlineeInfo(scriptContext, nullptr /* start stackwalk from the current frame */, scriptContext->GetThreadContext()->GetTryCatchFrameAddr());
                     }
                 }
    +            else
    +            {
    +                if (pExceptionObject->GetExceptionContext() && pExceptionObject->GetExceptionContext()->ThrowingFunction())
    +                {
    +                    WalkStackForCleaningUpInlineeInfo(scriptContext, nullptr /* start stackwalk from the current frame */, framePtr);
    +                }
    +            }
     #endif
                 // Clone static exception object early in case finally block overwrites it
                 pExceptionObject = pExceptionObject->CloneIfStaticExceptionObject(scriptContext);
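
Review bot: The same seven-line guard and call are now added at three sites, differing only in the exception variable (pExceptionObject here, exception in the first two hunks) and the frame argument (framePtr here and in the second hunk, frame in the first). Moving the check and the WalkStackForCleaningUpInlineeInfo call into one helper that takes the exception object and the frame address would keep the three copies from drifting apart. The commit changes one file only, so no regression test for the crash named in its title accompanies the fix; one is worth requesting.
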
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

8
