WebKit exploit write-up

Posted on Mar 3, 2018


The proof of concept for this exploit can be found on the Chromium bug page. The bug was reported by lokihardt of Google Project Zero and lies in Element::setAttributeNodeNS().

Let’s take a look at a code snippet:

Source: github.com