by LeoNatan25 2291 days ago
I have read it. It's not clear what code runs inside the interpreter.

What reason is there to even have such an interpreter in a highly privileged process?

2 comments

>What reason

Benchmarks. It's faster if you don't push all the scanned data through a process boundary.

If the interpreter was running code written by Avast then it wouldn't be a security issue. Having an interpreter running code you have written vs writing the code in C++ is not necessarily better or worse from a security point of view.

Highly disagree here. JavaScript's DOM parsing functionality has but one purpose: presentation manipulation, i.e. rendering. Having something like that running as SYSTEM is a security issue in itself, regardless of where the code comes from.

FFS, even display drivers don't run with full system privileges anymore.

JS has no DOM API, browsers provide JS an API to use. Plus DOM had nothing to do with rendering, it's just tree manipulation APIs.
Generally the interpreter is probably better, once you have enough memory-managed code that it outweighs the number of vulnerabilities in your native code by virtue of its significantly lower bug rate.