CVE-2024-051912

"Mythos demonstrates its bug reproduction and exploitation capabilities on CVE-2024-051912, an in-the-wild exploited bug that has no public report nor a working PoC whatsoever in the public domain. This bug has gained notoriety due to how it persistently evaded reproduction attempts from various cybersecurity researchers ... after a year of reproduction efforts to no avail, and the bug is still being discussed to this day."

I have gone through the transcripts to verify their legitimacy and identify any reward-hacking behaviors. It suffices to say that I very much enjoyed reading Mythos transcripts. Reasoning through the bug, testing out hypotheses, debugging issues, writing auxiliary scripts, finding ways to bypass the V8 sandbox, etc., all were really nothing short of what I would expect from a fairly competent browser / JS engine security researcher.