| CVE Number | Feature | Keywords | Credit |
|---|---|---|---|
| CVE-2013-6632 | TypedArray | Integer Overflow, OOB | Pinkie Pie |
| CVE-2014-1705 | TypedArray | Invalid Array Length, OOB | geohot |
| CVE-2014-3176 | Array.concat | Side Effect, OOB | lokihardt |
| CVE-2014-7927 | asm.js | Compiler, OOB | Christian Holler |
| CVE-2014-7928 | Array | Optimization | Christian Holler |
| CVE-2015-1233 | Array | Optimization, OOB | ? |
| CVE-2015-1242 | Array | Optimization, Type Confusion | fcole@onshape.com |
| CVE-2015-6764 | JSON.stringify | Side Effect, OOB, | Guang Gong [1] |
| CVE-2015-6771 | TypedArray.map | Prototype, OOB | ? |
| CVE-2015-8584 | JSON.stringify | Side Effect, OOB | ? |
| CVE-2016-1646 | Array.concat | Side Effect, OOB | Wen Xu [2] |
| CVE-2016-1653 | asm.js | TypedArray, Optimization, OOB | Choongwoo Han |
| CVE-2016-1665 | asm.js | Compiler | HyungSeok Han |
| CVE-2016-1669 | RegExp | Heap Overflow, Integer Overflow | Choongwoo Han |
| CVE-2016-1677 | decodeURI | Side Effect, Information Leak | Guang Gong [1] |
| CVE-2016-1688 | RegExp | Max Korenko | |
| CVE-2016-5129 | Array | Side Effect | Jeonghoon Shin |
| CVE-2016-5172 | Scope | Choongwoo Han | |
| CVE-2016-5198 | parseInt | Compiler, Optimization, OOB | Tencent Keen Security Lab |
| CVE-2016-5200 | asm.js | TypedArray, Optimization, OOB | Choongwoo Han |
| CVE-2016-9651 | Object.assign | Logic, Property | Guang Gong [1] |
| CVE-2017-5030 | Array.concat | Side Effect, OOB | Brendon Tiszka |
| CVE-2017-5040 | Array.indexOf | TypedArray, Side Effect, Buffer Neutering | Choongwoo Han |
| CVE Number | Feature | Keywords | Credit |
|---|---|---|---|
| CVE-2016-3386 | Spread Operator | Array, Proxy, Stack Overflow | Richard Zhu |
| CVE-2016-7189 | Array.join | Information Leak | Natalie Silvanovich [3] |
| CVE-2016-7190 | Array.map | Heap Overflow | Natalie Silvanovich [3] |
| CVE-2016-7194 | Function.apply | Information Leak | Natalie Silvanovich [3] |
| CVE-2016-7200 | Array.filter | Heap Corruption | Natalie Silvanovich [3] |
| CVE-2016-7201 | Array | Prototype, Type Confusion | Natalie Silvanovich [3] |
| CVE-2016-7202 | Array.reverse | Overflow | Natalie Silvanovich [3] |
| CVE-2016-7203 | Array.splice | Heap Overflow | Natalie Silvanovich [3] |
| CVE-2016-7240 | eval | Proxy, Type Confusion | Natalie Silvanovich [3] |
| CVE-2016-7241 | JSON.parse | Information Leak | Natalie Silvanovich [3] |
| CVE-2016-7286 | SIMD.toLocaleString | Uninitialized Memory | Natalie Silvanovich [3] |
| CVE-2016-7287 | Intl | Initialization, Type Confusion | Natalie Silvanovich [3] |
| CVE-2016-7288 | TypedArray.sort | Side Effect, Buffer Neutering | Natalie Silvanovich [3] |
| CVE-2017-0015 | Spread Operator | Side Effect, Uninitialized Memory | Qixun Zhao [4] lokihart Simon Zuckerbraun |
| CVE-2017-0071 | Array | Optimization, Type Confusion | lokihardt [3] |
| CVE-2017-0134 | Array.concat | Side Effect, Type Confusion | Jordan Rabet |
| CVE-2017-0141 | Array.reverse | Side Effect | Semmle Inc |
| CVE Number | Feature | Keywords | Credit |
|---|---|---|---|
| CVE-2016-1857 | Array.join | Side Effect, Use After Free | Liang Chen, Zhen Feng, wushi [2] Jeonghoon Shin |
| CVE-2016-4622 | Array.slice | Side Effect, OOB | Samuel Groß |
| CVE-2016-4734 | TypedArray.copyWithin TypedArray.fill |
Side Effect, Buffer Neutering | Natalie Silvanovich [3] |
| CVE-2017-2446 | Funciton.caller | Type Confusion | Natalie Silvanovich [3] |
| CVE-2017-2447 | Function.bind | OOB | Natalie Silvanovich [3] |
| CVE-2017-2464 | Array.concat | Integer Overflow | Natalie Silvanovich [3] |
| CVE-2017-2491 | String.replace | RegExp, Use After Free | Samuel Groß, and Niklas Baumstark |
| CVE-2017-2521 | Array.length | OOB | lokihardt [3] |
| CVE-2017-2531 | OOB | lokihardt [3] | |
| CVE-2017-2491 | Spread Operator | Array, Integer Overflow | Samuel Groß, and Niklas Baumstark |
| CVE Number | Feature | Keywords | Credit |
|---|---|---|---|
| CVE-2014-1513 | TypedArray.subarray | OOB, Buffer Neutering, Side Effect | Jüri Aedla |
[1] Qihoo 360
[2] Tencent KeenLab
[3] Google Project Zero
[4] Qihoo 360 Skyeye Labs