Y
Hacker News
new
|
ask
|
show
|
jobs
by
coolspot
1895 days ago
It uses WebAssembly VM bug to get arbitrary memory address write/read capability within Chromium sandbox.
1 comments
heljara
1895 days ago
The actual bug is much before this though, WASM is just used to get a RWX page of memory, as v8 won't give JS that the other side of the JIT process.
link