Browser JIT Exploitation 2026: How Glasswing Weaponized Just-In-Time Compilation
JIT compilation is why modern browsers are fast. It is also why they are hard to secure. Project Glasswing's Claude Mythos found a JIT vulnerability across browser vendors, adding to a pattern of AI-driven browser attack surface discovery.

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
Every time you open a browser and run JavaScript, a just-in-time compiler is converting that code from an interpreted bytecode into native machine instructions on the fly. JIT compilation is why modern web applications feel fast. It is also why browser security engineers lose sleep. JIT compilers make assumptions about types. JavaScript, as a dynamically typed language, can violate those assumptions at runtime in ways that corrupt memory. When memory corruption happens inside a JIT-compiled code path, the attacker has a powerful primitive: they can influence the native code that the CPU executes. Project Glasswing's Claude Mythos identified a JIT vulnerability in a browser JavaScript engine through coordinated disclosure with browser vendors. This post explains exactly how JIT exploitation works, how Mythos finds these bugs autonomously, and what enterprise security teams should do before patches arrive.
JIT Compilation: A Primer for Security Engineers
Traditional JavaScript interpreters execute bytecode directly, one instruction at a time. This is safe but slow. JIT compilers observe which code paths are executed frequently (called hot paths) and compile them to native machine code. The native code is cached and reused on subsequent calls, making it orders of magnitude faster. The complexity arises from type speculation. JavaScript variables have no declared type. A variable can hold an integer on one call and a string on the next. The JIT compiler bets on a type (for example, assuming a variable is always a 32-bit integer) and emits native code optimized for that type. If the bet is wrong at runtime, the JIT deoptimizes: it throws away the compiled code and falls back to the interpreter. This speculate-and-deoptimize cycle is the attack surface. If an attacker can construct JavaScript that causes the JIT to speculate incorrectly, then execute code that violates the speculation without triggering deoptimization, they can cause the JIT to read or write memory based on wrong type assumptions.
Type Confusion: How Speculation Becomes Exploitation
Type confusion occurs when the JIT compiler is convinced that an object is of type A, but the object is actually of type B. In memory terms, types determine how fields are laid out and what sizes they occupy. If the JIT reads a field from object B using type A's field offsets, it may read memory that is adjacent to the object rather than part of it. With careful setup, the attacker can place a controlled object at the memory location the confused read will hit. Reading or writing through that confusion gives the attacker an out-of-bounds access primitive. From an OOB read/write, a skilled exploit developer builds a stronger primitive: often an addrof primitive (read the memory address of any object) and a fakeobj primitive (inject a fake object at any address). With these two, the attacker can craft a fake ArrayBuffer with an attacker-controlled backing store pointer, giving them arbitrary read and write across the process address space. At that point, code execution typically involves writing shellcode or a ROP chain to a known-executable memory region and hijacking control flow.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
How Glasswing's Claude Mythos Finds JIT Bugs Autonomously
Human security researchers find JIT bugs through a combination of source code review, differential fuzzing, and deep knowledge of engine internals accumulated over years of study. Mythos approaches the same problem through a different mechanism. It reads the JIT compiler source code and reasons about the invariants the compiler relies on. It then constructs JavaScript programs that satisfy all the surface-level invariants (so the JIT does not immediately deoptimize) while violating a deeper invariant at a specific point in the execution. This is closer to symbolic reasoning over code paths than traditional fuzzing. The result is targeted, minimal JavaScript that reliably triggers the bug rather than the large, noisy test cases that fuzzing typically produces. Mythos's ExploitBench result of 21 out of 41 V8 ACEs (with no other AI model above zero) quantifies this capability in benchmark conditions. The Glasswing JIT CVE applies the same capability to production browser code.
The Exploit Development Chain: From JIT to Arbitrary Code Execution
Understand the full chain so you can assess the real risk. Step one: trigger the type confusion with a crafted JavaScript program. Step two: use the OOB access to build addrof and fakeobj primitives. Step three: construct a fake ArrayBuffer with a controlled backing store pointer. Step four: use the fake ArrayBuffer for arbitrary read/write across the renderer process. Step five: identify and overwrite a code pointer (such as a function pointer in a V8 internal object or a return address on the stack, bypassing stack canaries via arbitrary write). Step six: execute the payload inside the renderer process. At this stage, the attacker has code execution in the browser renderer, which is sandboxed. A full browser compromise typically requires a second vulnerability (a sandbox escape) to escape the renderer. The Glasswing JIT finding focuses on the renderer-level arbitrary code execution step.
Affected Browsers and Vendor Coordination
The Glasswing finding is under coordinated disclosure embargo as of July 5, 2026. Browser vendors have been notified through Anthropic's standard coordinated disclosure process. The JIT type confusion class is not unique to any single engine: V8 (Chrome, Edge, Node.js, Deno), SpiderMonkey (Firefox), and JavaScriptCore (Safari, WebKit) all implement JIT compilation and are all subject to type confusion vulnerabilities in principle. The specific affected vendor or vendors and version ranges will be disclosed when patches are available. The pattern of Mythos's ExploitBench performance (21/41 V8 ACEs in benchmark conditions) suggests V8 was a research focus, but the Glasswing disclosure details are separate from the benchmark results.
Enterprise Browser Hardening Strategies
While waiting for patches, enterprise security teams have several meaningful options. First, JIT-less mode: Chrome and Chromium-based browsers support disabling the JIT compiler entirely via managed policy. This eliminates the JIT attack surface at the cost of JavaScript performance. For privileged access workstations, executive endpoints, or systems that browse only internal applications, this is a strong option. Second, site isolation: ensure strict site isolation is enabled. While this does not prevent JIT exploitation, it limits the blast radius of a renderer compromise by confining each site to its own process. Third, network segmentation: endpoints that do not need unrestricted internet access should have egress filtering to prevent attacker-controlled JavaScript from being served through enterprise browsers. Fourth, browser telemetry: deploy endpoint detection tools that monitor renderer process crashes or anomalous memory patterns, which may indicate exploitation attempts. Fifth, patch readiness: inventory your browser deployment and managed update policies so that when patches land, you can push them within hours rather than days.
Detection and Monitoring for JIT Exploitation Attempts
JIT exploitation leaves specific artifacts if your monitoring is tuned for them. At the browser level, repeated deoptimization cycles followed by crashes can indicate fuzzing or exploitation probing. At the network level, delivery of obfuscated JavaScript with unusual structure (large numbers of function calls with alternating argument types, or explicit garbage collection triggers) may indicate exploit delivery. At the endpoint level, renderer process crashes followed by immediate respawn are suspicious in high-security contexts. Endpoint detection and response (EDR) tools that monitor heap spray patterns or unusual memory allocation sequences in browser renderer processes can catch early stages of exploitation. None of these signals is definitive in isolation, but a combination of deopt storm, renderer crash, and unusual network source warrants investigation.
Full Technical Exploit Primitives and IOCs: Available in the Mythos Brief
The following are available exclusively to Mythos Brief subscribers. The embargo on specific vendor and version details will lift when patches are released. Subscribe at decryptiondigest.com/mythos-brief for immediate notification and the full technical packet.
Subscribe to unlock Remediation & Mitigation steps
Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.
The Broader Pattern: AI-Driven Browser Attack Surface Discovery
The Glasswing JIT finding is not isolated. Mythos also achieved 21 out of 41 V8 arbitrary code execution challenges in ExploitBench, the only AI model to score above zero. Browser JavaScript engines represent one of the most complex, most rewarded, and most frequently patched attack surfaces in consumer software. Project Zero and independent researchers have been finding JIT bugs for over a decade. What changes with Mythos is the speed and autonomy: AI-driven review does not require a researcher who has spent years building intuition about a specific engine's internals. This means the discovery rate for JIT-class vulnerabilities is likely to increase, not decrease, as AI security tooling matures. Defenders should treat browser patching not as a routine maintenance task but as a continuous high-priority obligation.
The bottom line
Browser JIT vulnerabilities are among the most technically sophisticated bugs in consumer software, and Project Glasswing's Claude Mythos found one through autonomous code analysis. The exploit chain from type confusion to arbitrary code execution is well understood by attackers. Enterprise teams should evaluate JIT-less mode for high-risk endpoints, enforce strict site isolation, and have patch deployment processes ready to move within hours when vendors release fixes. For the full technical primitive breakdown, affected engine and version details, IOCs, and managed policy configuration guide, subscribe to the free Mythos Brief at decryptiondigest.com/mythos-brief.
This analysis is generic — the platform version scores threats like this against your own stack.
Frequently asked questions
What is JIT spraying?
JIT spraying is an attack technique that abuses the JIT compiler's code generation to write attacker-controlled bytes into executable memory. By carefully constructing JavaScript that causes the JIT to emit specific byte sequences, an attacker can spray the heap with shellcode-like patterns that can later be jumped into. Modern mitigations like constant blinding and code randomization reduce its effectiveness, but JIT spraying remains a relevant technique in advanced exploit chains.
Can I disable JIT in Chrome?
Yes. Chrome supports a JIT-less mode via the --js-flags=--jitless command-line flag. Chromium-based enterprise browsers can also be configured with the JIT policy via managed browser policy settings. Disabling JIT eliminates the JIT attack surface entirely but degrades JavaScript performance significantly. For high-security contexts like air-gapped workstations or privileged access workstations (PAWs), the tradeoff is often worthwhile. See the gated section in the Mythos Brief for specific policy configuration guidance.
Is Firefox also affected?
The Glasswing disclosure covers browser vendors under coordinated disclosure as of July 5, 2026. Specific vendor and version details remain under embargo while patches are prepared. Firefox's SpiderMonkey and Safari's JavaScriptCore use different JIT architectures than Chrome's V8, but JIT type confusion as a vulnerability class affects all high-performance JavaScript engines. Subscribe to the Mythos Brief at decryptiondigest.com/mythos-brief for vendor-specific details when the embargo lifts.
How is this different from the V8 ACE Glasswing achieved in ExploitBench?
ExploitBench is a benchmark environment where Mythos achieved 21 out of 41 arbitrary code execution challenges in V8, the Chrome JavaScript engine, with no other AI model scoring above zero. The browser JIT CVE from Glasswing is a finding in real production software through the coordinated disclosure program. ExploitBench demonstrates Mythos's capability in controlled challenge conditions; the Glasswing CVEs demonstrate that same capability applied to production codebases running in real organizations.
What should enterprise security teams do right now before browser patches are released?
Immediate mitigations while browser patches are under coordinated disclosure: enable Enhanced Security Mode in Chrome (chrome://settings/security > Enhanced protection) which restricts JIT compilation for sites that do not require it; enforce browser updates at the earliest available patch version via your MDM or endpoint management platform; consider disabling JIT on high-risk workstations like PAWs and privileged admin systems using Chrome's managed policy flag (--js-flags=--jitless via browser policy); and monitor endpoint detection telemetry for browser child process anomalies, which may indicate in-the-wild exploitation attempts. Full technical details including specific CVE identifiers and affected version ranges will be released by the Glasswing program when the 90-day coordinated disclosure window expires.
How does a V8 or SpiderMonkey JIT exploit get delivered and what network-level controls can slow it down?
JIT exploit payloads are delivered as JavaScript served over HTTP or HTTPS from attacker-controlled infrastructure, often through watering hole compromise of legitimate sites, malicious advertising networks, or spear-phishing links. Network-level controls that meaningfully reduce exposure include DNS-based blocking of known malicious domains through a recursive resolver with threat intelligence integration (such as Cisco Umbrella, Cloudflare Gateway, or BIND RPZ zones), TLS inspection at the perimeter to allow web proxy signatures to match exploit payload patterns even over encrypted connections, and web content filtering policies that restrict browsing to categorized business-necessary sites on managed devices. For high-security populations, blocking JavaScript execution from uncategorized or newly registered domains through proxy policy eliminates a large portion of watering hole and malicious ad delivery mechanisms. These controls do not prevent exploitation if a trusted site is compromised, but they substantially reduce the attack surface by requiring the adversary to use higher-reputation delivery infrastructure.
Sources & references
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
