Posts

Deep dive into CVE-2023-3079 — a logic bug in V8's Inline Cache subsystem that leads to type confusion via incorrect element kind handling for JSArgumentsObject, enabling hole leak and arbitrary read/write.