Thursday, May 01, 2025
All the Bits Fit to Print
Analysis of a use-after-free vulnerability in Ladybird browser's JavaScript engine and its exploitation steps
A security researcher discovered and exploited a use-after-free vulnerability in Ladybird's JavaScript engine, LibJS, achieving arbitrary code execution via a crafted proxied constructor function. The bug arises from the interpreter freeing its internal argument buffer prematurely during object construction, leaving a dangling reference to the freed buffer that leads to memory corruption.
Why it matters: This exploit demonstrates critical memory safety flaws in a modern browser engine, highlighting the need to prioritize security early in new projects.
The big picture: Ladybird is a new browser engine still in pre-alpha without sandboxing, making it an important target for foundational security research.
Exploitation details: The bug enables leaking object addresses, creating fake objects, and achieving an arbitrary read/write primitive, culminating in a reliable ROP chain for code execution.
Commenters say: They praise the thorough research and write-up while noting Ladybird’s early stage, emphasizing the importance of security in initial design and the commonality of such bugs in browsers.