[rkagerer]

Did they include a proof of concept in the disclosure even though the Google patch has only been out for a week and the Microsoft patch is not yet available?

Showing more adversaries how to make exploits right now doesn't seem like a great idea?

[zenexer]

My understanding is that it’s not a full PoC. It’s enough to crash Windows, but not enough to do more than that. An attacker would likely need to do additional work to make it relevant to them unless they’re just a prankster. Given that the disclosure says exactly where an attacker would need to start looking, it doesn’t make much difference whether a PoC is released in this case.

This isn’t always true: sometimes knowing where to look is the easy part, and crafting a working exploit is the hard part. I don’t get the impression that’s the case here.