General Discussion • Re: Nordstjernen web browser
Pale Moon forum - Forum index [Unofficial]
May 26, 2026
The most recent JIT-compiler-caused vulnerability was in May 2026:
Just-In-Time (JIT) compilation continues to be one of the most targeted attack surfaces in modern web browsers. Because JIT engines dynamically write and execute native machine code to speed up JavaScript, logic flaws in their optimization pipelines frequently lead to critical memory corruption bugs.
Notable Recent CVEs:
- CVE-2026-1862 (Google Chrome / V8): A high-severity Type Confusion vulnerability patched in May 2026. A flaw in V8's aggressive optimization pipeline allowed malicious JavaScript to trick the compiler into treating altered memory objects as their original type, leading to heap corruption and potential Remote Code Execution (RCE) within the browser sandbox. Affected: Chromium versions prior to 144.0.7559.132.
- CVE-2026-4702 (Mozilla Firefox / SpiderMonkey): A major JIT Miscompilation flaw resolved in March 2026. The SpiderMonkey engine incorrectly optimized specific script pathways, resulting in logic gaps where security checks were bypassed during execution. Fixed in: Firefox 149 / Firefox ESR 140.9.