Nightmare of the Javascript Optimization
SMRTR summary
A security researcher discovered and exploited a zero-day use-after-free (UAF) bug in the Ladybird browser and turned it into a full remote code execution chain. The flaw lies in how LibJS keeps three data structures in sync when WebAssembly linear memory grows: one of them is left holding a dangling pointer to the old buffer, and the handwritten assembly interpreter dereferences it without any check. ASAN does not flag the access (sanitizers instrument compiler-generated loads and stores, not handwritten assembly). The bug has since been patched.
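To make the bug class concrete, here is an added C model of a WebAssembly linear memory whose base pointer is held in three places: the canonical memory object, a JS-side buffer view, and an interpreter cache. This is illustrative code written for this page, not Ladybird's or LibJS's own types or logic; `LinearMemory`, `MemoryBufferView`, `InterpreterCache`, `grow_unsynced` and `grow_synced` are hypothetical names, and the three structures are a stand-in for whatever the real engine keeps in sync. `grow_unsynced` shows the vulnerable pattern (one holder of the pointer is never refreshed after `memory.grow`), `grow_synced` the fix; the simulated interpreter load detects the stale cache instead of reading freed memory, which is exactly the check a handwritten fast path lacks.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WASM_PAGE_SIZE 65536u

/* Hypothetical model of the three holders of the linear-memory base pointer
   (not Ladybird's actual data structures). */
typedef struct { uint8_t *base; size_t pages; } LinearMemory;                   /* owns the buffer */
typedef struct { uint8_t *data; size_t byte_length; } MemoryBufferView;          /* JS-facing view */
typedef struct { uint8_t *cached_base; size_t cached_length; } InterpreterCache; /* interpreter fast path */

static int memory_init(LinearMemory *m, size_t pages)
{
    m->base = calloc(pages, WASM_PAGE_SIZE);
    if (!m->base) return -1;
    m->pages = pages;
    return 0;
}

/* memory.grow: allocate the larger block before freeing the old one, so the new
   buffer is guaranteed to sit at a different address and any pointer that is not
   refreshed afterwards dangles. */
static int memory_grow(LinearMemory *m, size_t delta_pages)
{
    size_t   new_pages = m->pages + delta_pages;
    uint8_t *fresh     = calloc(new_pages, WASM_PAGE_SIZE);
    if (!fresh) return -1;
    memcpy(fresh, m->base, m->pages * WASM_PAGE_SIZE);
    free(m->base);
    m->base  = fresh;
    m->pages = new_pages;
    return 0;
}

/* Vulnerable sync: refreshes the JS view but never touches the interpreter cache. */
static int grow_unsynced(LinearMemory *m, MemoryBufferView *v, InterpreterCache *c, size_t delta)
{
    (void)c; /* the bug: this holder of the base pointer is forgotten */
    if (memory_grow(m, delta) != 0) return -1;
    v->data        = m->base;
    v->byte_length = m->pages * WASM_PAGE_SIZE;
    return 0;
}

/* Fixed sync: every holder of the base pointer is updated in one place. */
static int grow_synced(LinearMemory *m, MemoryBufferView *v, InterpreterCache *c, size_t delta)
{
    if (memory_grow(m, delta) != 0) return -1;
    v->data          = m->base;
    v->byte_length   = m->pages * WASM_PAGE_SIZE;
    c->cached_base   = m->base;
    c->cached_length = v->byte_length;
    return 0;
}

/* True when the cache still points at the freed buffer. Compared as integers so
   the stale pointer is never dereferenced. */
static int cache_is_stale(const LinearMemory *m, const InterpreterCache *c)
{
    return (uintptr_t)c->cached_base != (uintptr_t)m->base
        || c->cached_length != m->pages * WASM_PAGE_SIZE;
}

/* Simulated interpreter byte load. A handwritten-asm fast path has no staleness
   check and would read freed memory here; this model refuses instead.
   Returns the byte (0..255), -1 for a stale cache (the UAF), -2 for a wasm trap. */
static int interp_load_u8(const LinearMemory *m, const InterpreterCache *c, size_t addr)
{
    if (cache_is_stale(m, c))      return -1;
    if (addr >= c->cached_length)  return -2;
    return c->cached_base[addr];
}

/* Initialise one page, plant a marker byte, grow by one page with the chosen sync
   routine, then load the marker through the interpreter cache. */
static int run_scenario(int fixed)
{
    LinearMemory m; MemoryBufferView v; InterpreterCache c;
    if (memory_init(&m, 1) != 0) return -3;
    v.data = m.base;        v.byte_length   = WASM_PAGE_SIZE;
    c.cached_base = m.base; c.cached_length = WASM_PAGE_SIZE;
    m.base[42] = 0xAB; /* constructed marker that must survive the copy */

    int rc = fixed ? grow_synced(&m, &v, &c, 1) : grow_unsynced(&m, &v, &c, 1);
    if (rc == 0) rc = interp_load_u8(&m, &c, 42);
    free(m.base);
    return rc;
}

int main(void)
{
    printf("unsynced grow: load -> %d (stale cache, would be a UAF read)\n", run_scenario(0));
    printf("synced grow:   load -> 0x%02X\n", run_scenario(1));
    return 0;
}
```

The design point is the one the bug summary makes: a grow path that updates holders of the pointer one by one is only correct if it updates all of them, and the omission is silent because the stale holder is the one that has no bounds or liveness check of its own. Routing every refresh through a single `grow_synced`-style function, or having the interpreter re-read the base from the canonical object after any call that can grow memory, closes the gap.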
SMRTR provides this summary for quick context. The original article was linked from lobste.rs.