Turboflan PicoCTF 2021 Writeup (v8 + introductory turbofan pwnable)

ID: 055f7a70-127f-51c7-99ab-216325f52112

STIX ID: report--055f7a70-127f-51c7-99ab-216325f52112

Feed Name: Will's Root

Threat Score: 30/100

Date Published: 2021-04-06

Date Updated: 2026-04-19

Author: Unknown

This is a technical exploit writeup for a Turbofan JIT bug in V8 (Chromium) used in picoCTF 2021: the author demonstrates a removed deopt check causing type confusion between double and packed object arrays, builds addrof/fakeobj and arbitrary read/write primitives, and uses a wasm RWX page to run shellcode. The writeup is a CTF/d8 proof-of-concept with environmental restrictions (d8 only, no real Chrome remote, firewall limits) and does not present evidence of in-the-wild exploitation.