This Black Hat conference talk explores critical vulnerabilities in modern JavaScript engines, revealing four remote code execution (RCE) exploits affecting Chrome's V8 and Firefox's SpiderMonkey. Dive into the technical analysis of vulnerabilities found in V8's new JSSet.Union implementation and Turboshaft mid-tier compiler, as well as SpiderMonkey's WebAssembly Garbage Collection specification. Learn the methodology behind discovering these security flaws, understand their root causes, and examine the four classic vulnerability patterns that commonly appear in JavaScript engines. The presenters demonstrate stable exploitation techniques and provide defensive strategies to help improve security in both Google and Mozilla browsers. Presented by security researchers from Qihoo 360 Vulnerability Research Institute and academic institutions, this 34-minute technical session includes live demonstrations of the RCE vulnerabilities in action.