Information Disclosure Vulnerability in Microsoft Browsers Affecting ChakraCore and Edge
CVE-2018-8452

4.3MEDIUM

Key Information:

Vendor
Microsoft
Status
Chakracore
Internet Explorer 11
Microsoft Edge
Vendor
CVE Published:
13 September 2018

Summary

An information disclosure vulnerability was identified in Microsoft browsers due to improper handling of memory objects by the scripting engine. This flaw could allow an attacker to potentially exploit the vulnerability to gain access to sensitive information. Affected products include ChakraCore, Internet Explorer 11, and Microsoft Edge, which emphasizes the importance of prompt updates and the implementation of security best practices to mitigate the risks.

Affected Version(s)

ChakraCore ChakraCore

Internet Explorer 11 Windows 10 for 32-bit Systems

Internet Explorer 11 Windows 10 for x64-based Systems

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105252
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041623
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.