Using the Address Sanitizer tool, security researcher Nils reported a type confusion flaw in display transformation during rendering due to incorrect bounds checking. This leads to a potentially exploitable crash and can be triggered by web content.