Critical vm2 sandbox bug lets attackers execute code on hosts
… However, WebAssembly exception handling can intercept JavaScript errors at a lower level inside Google’s V8 engine, bypassing vm2’s JavaScript-based security defenses. …
Tracked topic
… However, WebAssembly exception handling can intercept JavaScript errors at a lower level inside Google’s V8 engine, bypassing vm2’s JavaScript-based security defenses. …
… Two other Chrome zero-day bugs exploited in attacks in March: an out-of-bounds write weakness in the Skia 2D graphics library CVE-2026-3909 , and an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine CVE-2026-3910 . …