Hermes TypedArrayBuffer Type Confusion — From Bug to RCE
Posted on Wed 08 July 2026 in Security • Tagged with hermes, javascript, exploitation
I've been looking at the Hermes JS engine on and off for several years. In early May 2026, I picked it up again, and found a great heap OOB read/write bug, in TextEncoder/TextDecoder. I had not yet written a full Hermes exploit, so this seemed like a great …
Continue reading