Google Chrome - Out-of-Bounds Access in RegExp Stubs
Google Chrome - Out-of-Bounds Access in RegExp Stubs There is an out-of-bounds access in RegExp.prototype.exec and RegExp.prototype.test. The code defined in BranchIfFastRegExp checks whether a regular expression object has the default map, however, it is possible to alter the map after this chec...