by staticassertion 1755 days ago
Just because there's heap grooming involved doesn't mean it's unreliable. Exploits that use heap grooming can often be ~100% reliable.

Our POC for Sigred required lots of heap grooming but it was extremely reliable. https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce...

The overflow was hardly a footnote either; it's the primary bug being exploited here.

FWIW, and this is not a 'dis' at the researchers, I would also not say this is "extremely sophisticated". Most attacks these days involve chaining lots of bugs like this and using grooming techniques. It's extremely impressive work and I have great respect for people who can do that, but I would reserve "extremely sophisticated" for cases where novel techniques are used, which isn't really the case here.