This is how I remembered it. I always see Elop as a trojan horse from Microsoft

FLOP abuses the LVP in a way that allows the attacker to run functions with the wrong argument—for instance, a memory pointer rather than an integer.

is this a vulnerability in the software? So patching this won’t require disabling speculative execution?

Some browsers such as cromite disable JIT compilation and WebAssembly by default. Allowing you to opt-in to enable these features on a site by site bases.

JIT and WebAssembly have been the source of many high profile CVE in browser recently including the one mentioned in the post (well, this one is on Safari’s Chrome).

relevant research

• https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
• https://discuss.privacyguides.net/t/v8-jit-javascript-wasm-engine-can-be-disabled-configured-on-a-per-site-basis-in-chromium-122/17126

\ here you dropped an arm
¯\_(ツ)_/¯

What’s the issue with WebGL and WASM? I don’t want to use a plugin to be able to view 3d model, run Figma, play browser game, view WebVR content, …