This research has implications for products and services that execute externally supplied code, including Chrome and other browsers with support for JavaScript and WebAssembly.