We achieved RCE in Minecraft Bedrock, turning a 4-byte heap overflow into complete client compromise. Learn how a universal, Bedrock-specific technique is used to bypass ASLR and achieve arbitrary read/write primitives.Hrvoje Mišetić
Samsung Internet on the Galaxy S25 shipped a six-month-old version of V8, exposing it to publicly known bugs. Learn how we exploited a bytecode interpreter vulnerability to achieve renderer RCE and universal XSS in the browser.Hrvoje Mišetić, Jamie Hill-Daniel, William Liu