High severity7.5NVD Advisory· Published Jul 11, 2018· Updated Jun 17, 2026
CVE-2018-8291
CVE-2018-8291
Description
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.ChakraCoreNuGet | < 1.10.1 | 1.10.1 |
Affected products
4- Range: ChakraCore
- Range: Windows 10 for 32-bit Systems
Patches
Vulnerability mechanics
References
13- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8291nvdPatchVendor AdvisoryWEB
- www.exploit-db.com/exploits/45215/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/104637nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1041256nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1041258nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-j67m-wpv6-pv44ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-8291ghsaADVISORY
- github.com/chakra-core/ChakraCore/commit/c322694178ece209b0aa73eafd97a036def86eb1ghsaWEB
- github.com/chakra-core/ChakraCore/pull/5444ghsaWEB
- web.archive.org/web/20210124183732/http://www.securityfocus.com/bid/104637ghsaWEB
- web.archive.org/web/20210515050150/http://www.securitytracker.com/id/1041258ghsaWEB
- web.archive.org/web/20211202002348/http://www.securitytracker.com/id/1041256ghsaWEB
- www.exploit-db.com/exploits/45215ghsaWEB
News mentions
0No linked articles in our index yet.