we're going to have to get a lot better at building test suites. for example every js exploit found in browsers should also be added to https://github.com/tc39/test262.
Ehhhhh basically none of those exploits generalize beyond one very specific engine and set of conditions, and half of them are things to do with interactions between JIT tiers and can't be reliably triggered.