CVE-2018-9433 — In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed — CVE Database · The Intelligence Room