[tedunangst]

The dangerous assumption here is that whatever sandbox you put the bad browser in actually contains it.

[d110af5ccf]

Particularly given the Project Zero KVM vulnerability published a couple of days ago. It was suitable to achieve a full VM escape. https://googleprojectzero.blogspot.com/2021/06/an-epyc-escap...