Ask HN: How secure is Chrome's V8 engine?

by tmpmov on 10/31/2019, 10:48:58 PM with 0 comments
Question: How secure is Chrome's V8 engine?

Another question: Is there a consensus on weak points in V8 that can be mitigated on the client side?

Background: I used NoScript and other alternatives for about 10 years, but stopped around 2015 due to tedium and other malware mitigation strategies. I'm assuming tracking remains an issue.

I'm unfamiliar with JavaScript engine internals but have found [0].

I've seen Spectre-based attacks and a few responses, primarily [1]. I've seen specific attacks [2].

Along the way I've found [3] and compared with [4]. These appear to be product-based, as opposed to the JavaScript engine specifically.

I'm hoping for an overview of current attacks and V8's security and/or comparison with other client-side browser JavaScript engines. A survey paper or link/blog would be great.

------------------------------

[0] https://github.com/danbev/learning-v8

[1] https://security.googleblog.com/2018/07/mitigating-spectre-with-site-isolation.html

[2] https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-15031/opec-1/Google-Chrome.html

[3] https://www.cvedetails.com/product/15031/Google-Chrome.html?vendor_id=1224

[4] https://www.cvedetails.com/product/3264/Mozilla-Firefox.html?vendor_id=452