I just started to analyze this function, interesting... https://twitter.com/pwn_expoit/status/1237404487469260801 …
Replying to @raycp2
The purpose of this commit is to prevent elimination of NumberLessThan nodes, which is a way to circumvent aborting bound checks. I discussed an example on the @doar_e blog: https://doar-e.github.io/blog/2019/05/09/circumventing-chromes-hardening-of-typer-bugs/ …
Yeah, I figured out the theory about the out-of-bound store and load mode in reduce element access, it's interesting. Thanks for the blog, I got a deeper understanding of `reduce jsload/storeproperty`, and if needed I'll write an analysis of this new mitigation.
