CVE-2018-8243
Description
A memory corruption vulnerability in ChakraCore scripting engine can allow remote code execution via crafted web content.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory corruption vulnerability in ChakraCore scripting engine can allow remote code execution via crafted web content.
Vulnerability
A remote code execution vulnerability exists in the way the ChakraCore scripting engine handles objects in memory, specifically a memory corruption condition. This affects ChakraCore versions prior to 1.11.24 as per the release notes [1]. The vulnerability allows an attacker to corrupt memory in a way that can lead to code execution [2].
Exploitation
An attacker can exploit the vulnerability by hosting a specially crafted website or by embedding malicious content in an email or other vector that triggers ChakraCore to process the content. The user must visit the malicious site or open the crafted content using a browser or application that relies on ChakraCore. No authentication is required, and the attack can be executed remotely [2].
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take complete control of the affected system, including installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights [2].
Mitigation
The vulnerability is fixed in ChakraCore 1.11.24, released as a patch update [1]. Users should update ChakraCore to version 1.11.24 or later. No workarounds are mentioned in the available references.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.ChakraCoreNuGet | < 1.8.5 | 1.8.5 |
Affected products
2- Range: ChakraCore
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-w4qx-vw2w-q566ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-8243ghsaADVISORY
- www.securityfocus.com/bid/104403mitrevdb-entryx_refsource_BID
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8243ghsax_refsource_CONFIRMWEB
- web.archive.org/web/20210124175604/http://www.securityfocus.com/bid/104403ghsaWEB
News mentions
0No linked articles in our index yet.