#browser #v8 #chromium 2023-23-02
In anticipation of the future implementation of CFI on `code_entry_point` fields within function objects, I wanted to explore some patched sandbox escapes that have been found in the past.
#browser #v8 #chromium 2022-06-12
An incorrect optimization in TurboFan's representation changer results in Int64 values being erroneously truncated to Int32 values.
#browser #v8 #chromium 2022-27-11
The V8 heap sandbox has been around for quite some time now, and while it initially broke several methods used to gain code execution, new methods have risen to take their place.