Chrome JSNativeContextSpecialization::BuildElementAccess Bypass

Chrome suffers from a copy-on-write check bypass in JSNativeContextSpecialization::BuildElementAccess.

Leave a Reply