This vulnerability can be exploited through maliciously crafted web content, allowing attackers to execute arbitrary code.
The code triggers a use-after-free (UAF) vulnerability by delaying the addition of Map and Date objects to a container the garbage collector (GC) can see, which allows the GC to free them while references to them are still held. Those references then point at reclaimed memory, so a later access can cause memory corruption or be exploited.
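The following C program is an added illustration of the bug class described above, not code from the advisory, from WebKit, or from the proof of concept. It uses a hypothetical toy mark-and-sweep collector (`gc_alloc`, `gc_collect`, `gc_add_root` are all made up for this example) in which roots are the only thing that keeps an object alive, and shows why registering an object with a GC-visible container only after something that can trigger a collection leaves a dangling reference, and how registering it first avoids that. The sweep clears an `alive` flag and poisons the payload instead of calling `free()`, so the outcome can be inspected deterministically without undefined behaviour.

```c
#include <stdio.h>

/*
 * Toy mark-and-sweep collector (hypothetical; not WebKit's JavaScriptCore GC).
 * Objects live in a fixed arena and roots are the only things that keep them
 * alive. A sweep "reclaims" a slot by clearing its alive flag and poisoning
 * the payload instead of calling free(), so the example runs deterministically
 * and reading the flag afterwards is still well-defined.
 */
#define MAX_OBJS  4
#define MAX_ROOTS 4
#define POISON    (-1)

typedef struct {
    int alive;   /* 1 while the slot is allocated, 0 once swept */
    int marked;  /* scratch bit used during a collection */
    int value;   /* payload; set to POISON when the slot is reclaimed */
} Obj;

static Obj  heap[MAX_OBJS];
static Obj *roots[MAX_ROOTS];
static int  root_count;

static void gc_reset(void) {
    for (int i = 0; i < MAX_OBJS; i++)
        heap[i].alive = heap[i].marked = heap[i].value = 0;
    root_count = 0;
}

/* Mark everything reachable from the roots, then reclaim the rest.
 * Returns how many slots were reclaimed. */
static int gc_collect(void) {
    int reclaimed = 0;
    for (int i = 0; i < MAX_OBJS; i++) heap[i].marked = 0;
    for (int r = 0; r < root_count; r++) roots[r]->marked = 1;
    for (int i = 0; i < MAX_OBJS; i++) {
        if (heap[i].alive && !heap[i].marked) {
            heap[i].alive = 0;
            heap[i].value = POISON;
            reclaimed++;
        }
    }
    return reclaimed;
}

/* Allocate a slot. Like a real engine, allocation itself may trigger a
 * collection when the arena is full, so any allocation is a GC opportunity. */
static Obj *gc_alloc(int value) {
    for (int attempt = 0; attempt < 2; attempt++) {
        for (int i = 0; i < MAX_OBJS; i++) {
            if (!heap[i].alive) {
                heap[i].alive = 1;
                heap[i].marked = 0;
                heap[i].value = value;
                return &heap[i];
            }
        }
        gc_collect();
    }
    return NULL;
}

/* Register an object with the GC-visible container. Returns -1 if the caller
 * hands over something the sweep already reclaimed: the invariant a debug
 * build can assert to catch the pattern early. */
static int gc_add_root(Obj *o) {
    if (o == NULL || !o->alive || root_count == MAX_ROOTS) return -1;
    roots[root_count++] = o;
    return 0;
}

/* The pattern described above: the object exists, but registering it is
 * delayed past something that can trigger a collection. Returns the object's
 * alive flag after registration: 0 means the reference dangles and any later
 * use of it is a use-after-free. */
static int delayed_registration(void) {
    gc_reset();
    Obj *m = gc_alloc(42);   /* created, but not yet reachable from a root */
    gc_collect();            /* any GC opportunity in between reclaims it */
    gc_add_root(m);          /* too late; returns -1 in this toy collector */
    return m->alive;         /* 0 */
}

/* The fix pattern: root the object before anything can collect. */
static int eager_registration(void) {
    gc_reset();
    Obj *m = gc_alloc(42);
    gc_add_root(m);          /* reachable before the next collection */
    gc_collect();
    return m->alive;         /* 1 */
}

int main(void) {
    printf("delayed registration: alive=%d (dangling reference)\n", delayed_registration());
    printf("eager registration:   alive=%d\n", eager_registration());
    return 0;
}
```

The defender-side takeaway is the check in `gc_add_root`: a collector that refuses, or asserts on, registration of an already-swept object turns a silent dangling pointer into an immediate, diagnosable failure in test builds, and sanitizer builds (for example AddressSanitizer on a real allocator) surface the same ordering mistake at the first access.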
CVE-2023-28205: Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
Thanks to abc for the proof of concept example.