BRW-WASM-OOBExecution

WebAssembly Bounds-Check Bypass

JIT bug elides WASM bounds check after PGO — out-of-bounds access from a sandboxed WASM module reaches engine memory.

§ Where this technique fits

BRW-WASM-OOB is catalogued under the Execution tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 4 on average.

§ Dossiers chaining this technique

V8 type-confusion 1-day → renderer RCE
Public V8 type-confusion turned into a renderer pop. JS triggers JIT into mis-compiling a polymorphic site, addrof/fakeobj primitives, shellcode in a WASM RWX page.
step 4 / 7

§ What commonly comes next

01
Exploit Public-Facing Application
T1190 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

V8 type-confusion 1-day → renderer RCE

§ What commonly comes next