The 2021 Pwnie Nominee For Best Client-Side Bug

Collecting Garbage for Profit

Researcher Names: Unknown

Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1144662

The unknown researcher shows that Chrome's ASLR can be defeated through its conservative garbage collector. Beyond the technical prowess of the PoC, the bug appears to mark a turning point in browser security and a novel attack vector. The Chrome team declined to fix it, commenting: “While this is a new avenue, and particularly convenient, we already have to plan for a world in which ASLR is bypassable. (Bummer!)”