Exploiting the Math.expm1 typing bug in V8
https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/ [abiondo.me]
2019-01-03 00:03
At 35C3 CTF this year (I played with KJC + mhackeroni, we got first place!) there was a Chrome challenge about exploiting a bug in V8, Chrome’s JavaScript engine. The bug caused incorrect typing during static analysis, producing incorrect optimizations in just-in-time compiled code. It was really hard to trigger: I didn’t finish in time for the CTF, but I feel like many people would be interested in a full writeup.
Another writeup of the same challenge: https://www.jaybosamiya.com/blog/2019/01/02/krautflare/
source: HN