Microsoft.ChakraCore is vulnerable to remote code execution. This is due to the way the ChakraCore scripting engine handles objects in memory which could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.