WebKit: Use-after-free in WebCore::AXObjectCache::handleMenuItemSelected CVE-2018-4312 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on the ASan build of WebKit revision 233006 on OSX. Note that accessibility features need to be enabled in order to trigger this bug. On Safari on Mac this can be accomplished by opening the inspector (simply opening the inspector enables accessibility features). On WebKitGTK+ (and possibly other WebKit releases) accessibility features are enabled by default. PoC: =================================================================