Microsoft.ChakraCore

NuGet247 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting Microsoft.ChakraCorepage 1 of 5

CVE-2016-0024HIGHCVSS 8.8EG 8.8✓ Fixed in 1.2.0
2016-01-13
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Scripting Engine Memory Corruption Vulnerability."
CVE-2016-0186HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.0.0
2016-05-11
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-0191HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.0.0
2016-05-11
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-0193HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.0.0
2016-05-11
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-3199HIGHCVSS 8.8EG 8.8✓ Fixed in 1.2.0.0
2016-06-16
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-3202HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.0.0
2016-06-16
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corrupti…
CVE-2016-3214HIGHCVSS 8.8EG 8.8✓ Fixed in 1.3.0
2016-06-16
vulnerable: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.6.62716-preview
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-3248HIGHCVSS 8.8EG 8.8
2016-07-13
vulnerable: 1.2.0
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of se…
CVE-2016-3259HIGHCVSS 8.8EG 8.8✓ Fixed in 1.2.0.0
2016-07-13
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of se…
CVE-2016-3260HIGHCVSS 8.8EG 8.8✓ Fixed in 1.2.0.0
2016-07-13
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (mem…
CVE-2016-3265HIGHCVSS 8.8EG 8.8✓ Fixed in 1.2.0.0
2016-07-13
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-3269HIGHCVSS 8.8EG 8.8✓ Fixed in 1.2.0.0
2016-07-13
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-3296HIGHCVSS 7.5EG 7.5
2016-08-09
vulnerable: 1.2.0
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
CVE-2016-3350HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.1
2016-09-14
vulnerable: 1.2.0
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-3377HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.1
2016-09-14
vulnerable: 1.2.0
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-3382HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.1
2016-10-14
vulnerable: 1.2.0
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra Ja…
CVE-2016-3386HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.1
2016-10-14
vulnerable: 1.2.0
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-3389HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.1
2016-10-14
vulnerable: 1.2.0
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-3390HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.1
2016-10-14
vulnerable: 1.2.0
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript e…
CVE-2016-7189HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.1
2016-10-14
vulnerable: 1.2.0
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."
CVE-2016-7190HIGHCVSS 7.5EG 7.5
2016-10-14
vulnerable: 1.2.0, 1.2.1
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-7194HIGHCVSS 7.5EG 7.5
2016-10-14
vulnerable: 1.2.0, 1.2.1
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different v…
CVE-2016-7200HIGHCVSS 8.8EG 9.0⚠ KEV✓ Fixed in 1.2.2
2016-11-10
vulnerable: 1.2.0, 1.2.1
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a d…
CVE-2016-7201HIGHCVSS 8.8EG 9.0⚠ KEV✓ Fixed in 1.2.2
2016-11-10
vulnerable: 1.2.0, 1.2.1
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a d…
CVE-2016-7202HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.2
2016-11-10
vulnerable: 1.2.0, 1.2.1
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Cor…
CVE-2016-7203HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.2
2016-11-10
vulnerable: 1.2.0, 1.2.1
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a d…
CVE-2016-7208HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.2
2016-11-10
vulnerable: 1.2.0, 1.2.1
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a d…
CVE-2016-7240HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.2
2016-11-10
vulnerable: 1.2.0, 1.2.1
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a d…
CVE-2016-7242HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.2
2016-11-10
vulnerable: 1.2.0, 1.2.1
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a d…
CVE-2016-7243HIGHCVSS 7.5EG 7.5✓ Fixed in 1.2.2
2016-11-10
vulnerable: 1.2.0, 1.2.1
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a d…
CVE-2017-0208MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.4.3
2017-04-12
vulnerable: 1.2.0 ... 1.4.2 (11 versions)
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further comp…
CVE-2017-0223CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.4.4
2017-05-15
vulnerable: 1.2.0 ... 1.4.3 (12 versions)
A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-…
CVE-2017-0224HIGHCVSS 7.5EG 7.5✓ Fixed in 1.4.4
2017-05-12
vulnerable: 1.2.0 ... 1.4.3 (12 versions)
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017…
CVE-2017-0234HIGHCVSS 7.5EG 7.5✓ Fixed in 1.4.4
2017-05-12
vulnerable: 1.2.0 ... 1.4.3 (12 versions)
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-201…
CVE-2017-0235HIGHCVSS 7.5EG 7.5✓ Fixed in 1.4.4
2017-05-12
vulnerable: 1.2.0 ... 1.4.3 (12 versions)
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-201…
CVE-2017-0236HIGHCVSS 7.5EG 7.5✓ Fixed in 1.4.4
2017-05-12
vulnerable: 1.2.0 ... 1.4.3 (12 versions)
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-201…
CVE-2017-0252CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.4.4
2017-05-15
vulnerable: 1.2.0 ... 1.4.3 (12 versions)
A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-…
CVE-2017-11767CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.6.2
2017-11-02
vulnerable: 1.2.0 ... 1.6.0 (19 versions)
ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
CVE-2017-11792HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.3
2017-10-13
vulnerable: 1.2.0 ... 1.7.2 (23 versions)
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption V…
CVE-2017-11796HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.3
2017-10-13
vulnerable: 1.2.0 ... 1.7.2 (23 versions)
ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerabil…
CVE-2017-11797HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.3
2017-10-13
vulnerable: 1.2.0 ... 1.7.2 (23 versions)
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is u…
CVE-2017-11801HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.3
2017-10-13
vulnerable: 1.2.0 ... 1.7.2 (23 versions)
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is u…
CVE-2017-11805HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.3
2017-10-13
vulnerable: 1.2.0 ... 1.7.2 (23 versions)
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption …
CVE-2017-11806HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.3
2017-10-13
vulnerable: 1.2.0 ... 1.7.2 (23 versions)
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption …
CVE-2017-11807HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.3
2017-10-13
vulnerable: 1.2.0 ... 1.7.2 (23 versions)
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption …
CVE-2017-11821HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.3
2017-10-13
vulnerable: 1.2.0 ... 1.7.2 (23 versions)
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption …
CVE-2017-11862HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.4
2017-11-15
vulnerable: 1.2.0 ... 1.7.3 (24 versions)
ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory …
CVE-2017-11870HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.4
2017-11-15
vulnerable: 1.2.0 ... 1.7.3 (24 versions)
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine …
CVE-2017-11871HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.4
2017-11-15
vulnerable: 1.2.0 ... 1.7.3 (24 versions)
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine …
CVE-2017-11889HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.5
2017-12-12
vulnerable: 1.2.0 ... 1.7.4 (25 versions)
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, a…

Check whether Microsoft.ChakraCore is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for Microsoft.ChakraCore CVEs against the assets you own.

Start Free Scan →