VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-3nr2-txtn-eye8

Essentials
Severities (15)
References (13)
Severity details (14)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-3nr2-txtn-eye8
Aliases	CVE-2018-8229 GHSA-jv5x-p843-g4qr
Summary	Access of Resource Using Incompatible Type ('Type Confusion') A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-843	Access of Resource Using Incompatible Type ('Type Confusion')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.79916	https://api.first.org/data/v1/epss?cve=CVE-2018-8229
cvssv3.1	7.5	https://github.com/chakra-core/ChakraCore
generic_textual	HIGH	https://github.com/chakra-core/ChakraCore
cvssv3.1	7.5	https://github.com/chakra-core/ChakraCore/commit/9b270c55bfea2fbefc9482d3414c4b4b395cad10
generic_textual	HIGH	https://github.com/chakra-core/ChakraCore/commit/9b270c55bfea2fbefc9482d3414c4b4b395cad10
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2018-8229
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2018-8229
cvssv3.1	7.5	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8229
generic_textual	HIGH	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8229
cvssv3.1	7.5	https://web.archive.org/web/20210124174715/http://www.securityfocus.com/bid/104369
generic_textual	HIGH	https://web.archive.org/web/20210124174715/http://www.securityfocus.com/bid/104369
cvssv3.1	7.5	https://web.archive.org/web/20210927135934/http://www.securitytracker.com/id/1041097
generic_textual	HIGH	https://web.archive.org/web/20210927135934/http://www.securitytracker.com/id/1041097
cvssv3.1	7.5	https://www.exploit-db.com/exploits/45013
generic_textual	HIGH	https://www.exploit-db.com/exploits/45013

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2018-8229
		https://github.com/chakra-core/ChakraCore
		https://github.com/chakra-core/ChakraCore/commit/9b270c55bfea2fbefc9482d3414c4b4b395cad10
		https://web.archive.org/web/20210124174715/http://www.securityfocus.com/bid/104369
		https://web.archive.org/web/20210927135934/http://www.securitytracker.com/id/1041097
		https://www.exploit-db.com/exploits/45013
		https://www.exploit-db.com/exploits/45013/
		http://www.securityfocus.com/bid/104369
		http://www.securitytracker.com/id/1041097
CVE-2018-8229	Exploit	https://bugs.chromium.org/p/project-zero/issues/detail?id=1560
CVE-2018-8229	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/45013.js
CVE-2018-8229		https://nvd.nist.gov/vuln/detail/CVE-2018-8229
CVE-2018-8229		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8229

Data source	Exploit-DB
Date added	July 12, 2018
Description	Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions
Ransomware campaign use	Known
Source publication date	July 12, 2018
Exploit type	dos
Platform	windows
Source update date	July 12, 2018
Source URL	https://bugs.chromium.org/p/project-zero/issues/detail?id=1560

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore/commit/9b270c55bfea2fbefc9482d3414c4b4b395cad10

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-8229

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8229

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20210124174715/http://www.securityfocus.com/bid/104369

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20210927135934/http://www.securitytracker.com/id/1041097

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/45013

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.99128
EPSS Score	0.79916
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:37:55.861623+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.ChakraCore/CVE-2018-8229.yml	38.6.0