Daniel Kozlowski reported that a
JavaScript Worker
could be used to keep a reference to an
object that could be freed during garbage collection. Subsequent
calls through this deleted reference could cause attacker-controlled
memory to be executed on a victim's computer.