VYPR
High severity · NVD Advisory · Published Sep 13, 2018 · Updated Aug 5, 2024

CVE-2018-8459

Description

A remote code execution vulnerability in ChakraCore's handling of memory objects, affecting Microsoft Edge and ChakraCore.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2018-8459 is a memory corruption vulnerability in the ChakraCore scripting engine, affecting both Microsoft Edge on various Windows 10 versions and the standalone ChakraCore project [1][2]. The bug exists in how the engine handles objects in memory, and it can be triggered when a user visits a specially crafted webpage [3].

Exploitation

An attacker needs to host a malicious webpage or inject content into a website and convince the victim to visit it via social engineering [3]. No additional authentication or privileges are required; the exploit occurs during normal browsing when the ChakraCore engine processes the crafted content, leading to memory corruption.

Impact

Successful exploitation allows the attacker to execute arbitrary code in the context of the current user, potentially gaining full control of the affected system [1][3]. This can lead to installation of programs, viewing or modifying data, or creating new accounts.

Mitigation

Microsoft released a security update in September 2018 as part of Patch Tuesday (MS18-07) to address this vulnerability [3]. Users should update their systems to the latest version of Microsoft Edge or apply the relevant Windows patches. For users of ChakraCore, the fix was included in subsequent releases, and it is recommended to upgrade to the latest patched version. The ChakraCore project stopped receiving security updates after March 2021 [4].

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
Microsoft.ChakraCore (NuGet) | < 1.11.1 | 1.11.1
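
One way to check a .NET code base against the affected range listed above (Microsoft.ChakraCore on NuGet, versions below 1.11.1). This is an added example, not code from the advisory or the ChakraCore project; the sample project files and the `classify` and `find_references` names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "microsoft.chakracore"  # NuGet package ids compare case-insensitively
FIRST_PATCHED = (1, 11, 1)        # advisory: affected < 1.11.1, patched 1.11.1
EXACT = re.compile(r"(\d+(?:\.\d+){0,3})(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?")

def classify(version_text):
    """Return 'affected', 'patched', or 'review' (range, floating or missing version)."""
    match = EXACT.fullmatch((version_text or "").strip())
    if match is None:
        return "review"  # e.g. "1.*" or "[1.10.0,)": check the resolved version
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    if tuple(parts) < FIRST_PATCHED:
        return "affected"
    # A prerelease of 1.11.1 orders before the 1.11.1 release.
    if tuple(parts[:3]) == FIRST_PATCHED and not any(parts[3:]) and match.group(2):
        return "affected"
    return "patched"

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip an XML namespace, if the file declares one

def find_references(xml_text):
    """List (version, status) for each Microsoft.ChakraCore entry in a .csproj
    (PackageReference) or packages.config (package) document you control."""
    found = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) == "PackageReference":
            name = elem.get("Include") or elem.get("Update") or ""
            version = elem.get("Version")
            if version is None:  # version given as a child <Version> element
                version = next((c.text for c in elem if local(c.tag) == "Version"), None)
        elif local(elem.tag) == "package":
            name, version = elem.get("id", ""), elem.get("version")
        else:
            continue
        if name.strip().lower() == PACKAGE:
            found.append((version, classify(version)))
    return found

# Constructed sample inputs (not taken from the advisory).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="Microsoft.ChakraCore" Version="1.10.2" />
  <PackageReference Include="Example.Other" Version="0.9.0" />
  <PackageReference Include="microsoft.chakracore"><Version>1.*</Version></PackageReference>
</ItemGroup></Project>"""
SAMPLE_PACKAGES_CONFIG = '<packages><package id="Microsoft.ChakraCore" version="1.11.1" /></packages>'
```

Entries reported as `review` use a floating or ranged version, so the version NuGet actually resolved has to be checked separately.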

Patches

e035a2db081c

[CVE-2018-8459] Edge - ChakraCore Type Confusion Vulnerability -

https://github.com/chakra-core/ChakraCore · Paul Leathers · Jul 26, 2018 · via ghsa
1 file changed · +21 -3
  • lib/Runtime/Types/PathTypeHandler.cpp · +21 -3 · modified
    @@ -2563,8 +2563,9 @@ namespace Js
             Assert(IsObjectHeaderInlinedTypeHandler());
     
             // Clone the type Path here to evolve separately
    +        Recycler * recycler = library->GetRecycler();
             uint16 pathLength = GetPathLength();
    -        TypePath * clonedPath = TypePath::New(library->GetRecycler(), pathLength);
    +        TypePath * clonedPath = TypePath::New(recycler, pathLength);
     
             ObjectSlotAttributes *attributes = this->GetAttributeArray();
             for (PropertyIndex i = 0; i < pathLength; i++)
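
Review bot: the new `Recycler * recycler` local is declared between the comment "Clone the type Path here to evolve separately" and the `TypePath::New` call that comment describes. Declaring it above the comment would keep the comment attached to the clone it documents, and would make it clearer that the local exists for the later allocations as well.
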
    @@ -2597,12 +2598,29 @@ namespace Js
             }
             else
             {
    +            uint8 newTypePathSize = clonedPath->GetPathSize();
    +
    +            ObjectSlotAttributes * newAttributes = RecyclerNewArrayLeaf(recycler, ObjectSlotAttributes, newTypePathSize);
    +            memcpy(newAttributes, attributes, sizeof(ObjectSlotAttributes) * newTypePathSize);
    +
    +            PathTypeSetterSlotIndex * setters = GetSetterSlots();
    +            PathTypeSetterSlotIndex * newSetters;
    +            if (setters == nullptr)
    +            {
    +                newSetters = nullptr;
    +            }
    +            else
    +            {
    +                newSetters = RecyclerNewArrayLeaf(recycler, PathTypeSetterSlotIndex, newTypePathSize);
    +                memcpy(newSetters, setters, sizeof(PathTypeSetterSlotIndex) * newTypePathSize);
    +            }
    +
                 clonedTypeHandler =
                     PathTypeHandlerWithAttr::New(
                         library->GetScriptContext(),
                         clonedPath,
    -                    attributes,
    -                    GetSetterSlots(),
    +                    newAttributes,
    +                    newSetters,
                         GetSetterCount(),
                         GetPathLength(),
                         static_cast<PropertyIndex>(GetSlotCapacity()),
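
Review bot: both `memcpy` calls in the `else` branch read `newTypePathSize` elements from `attributes` and `setters`, but that count comes from `clonedPath->GetPathSize()` while the source arrays belong to this handler. Add an assertion that the source arrays hold at least that many entries (or copy the smaller of the two sizes) so the copy cannot read past the end of the originals. `newTypePathSize` is also declared `uint8` while `pathLength` is a `uint16`, so it is worth confirming that `GetPathSize()` cannot exceed 255. A short comment stating that the attribute and setter arrays are copied so the cloned handler no longer shares them with this one would match the existing "evolve separately" comment and record why passing `attributes` and `GetSetterSlots()` directly was unsafe.
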
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
