This post explores the possibility of developing a working exploit for a vulnerability that has already been patched in the v8 source tree but whose fix has not yet reached a stable Chrome release. Chrome has a relatively tight release cycle, pushing a new stable version every 6 weeks with stable refreshes in between when critical issues warrant them, so a fix landing in the open-source tree can be visible for days or weeks before users get it. The associated Chromium issue tracker entry is restricted and likely to remain so for months, so the commit itself is the only public description. TurboFan, the optimizing JIT compiler of v8, has become a hot target recently. This fix hints at a type confusion between element kinds, which can be relatively straightforward to exploit.
Source: https://blog.exodusintel.com/2019/04/03/a-window-of-opportunity/