Vendor: SwiftShader
By: Chromium
CVSS: 8.8 (HIGH)
Weakness: Integer Overflow
CWE: 190
Product Name: SwiftShader
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WebGL
2020
SwiftShader Memory Corruption Issue
SwiftShader has a remotely triggerable memory corruption issue, reachable from WebGL, that results from an integer overflow. The GPU process validates the sizes passed to texture creation functions to ensure that they cannot cause an overflow. However, the SwiftShader code separately rounds render-target sizes up to the next even size, which allows this validation to be bypassed.
Mitigation:
Validate the sizes passed to texture creation functions to ensure that they cannot cause an overflow.
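The validate-then-round gap described above, as an added example that is a simplified model and not SwiftShader or Chromium code. The function names, the 4 bytes per pixel and the 32-bit size arithmetic are assumptions chosen for illustration; the sample dimensions are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL 4u /* assumption: RGBA8 render target */

/* Caller-side check (hypothetical): the requested size must fit in 32 bits. */
bool caller_validates(uint32_t w, uint32_t h) {
    uint64_t bytes = (uint64_t)w * h * BYTES_PER_PIXEL;
    return w != 0 && h != 0 && bytes <= UINT32_MAX;
}

/* Round up to the next even value, as the page describes for render targets. */
uint32_t round_up_even(uint32_t v) { return (v + 1u) & ~1u; }

/* Unchecked form: rounding happens after validation, in 32-bit arithmetic,
   so the product can wrap and yield a size far smaller than the surface. */
uint32_t unchecked_target_size(uint32_t w, uint32_t h) {
    return round_up_even(w) * round_up_even(h) * BYTES_PER_PIXEL;
}

/* Hardened form: apply the same rounding first, then bound the product
   using 64-bit intermediates before narrowing. */
bool checked_target_size(uint32_t w, uint32_t h, uint32_t *out) {
    uint64_t ew = ((uint64_t)w + 1u) & ~(uint64_t)1;
    uint64_t eh = ((uint64_t)h + 1u) & ~(uint64_t)1;
    if (ew == 0 || eh == 0) return false;
    if (ew > (uint64_t)(UINT32_MAX / BYTES_PER_PIXEL) / eh) return false;
    *out = (uint32_t)(ew * eh * BYTES_PER_PIXEL);
    return true;
}

int main(void) {
    /* Constructed dimensions: both odd, product just under the 32-bit limit. */
    uint32_t w = 32769u, h = 32767u, size = 0;
    printf("caller check passes: %d\n", caller_validates(w, h));
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_target_size(w, h));
    printf("checked accepts: %d\n", checked_target_size(w, h, &size));
    return 0;
}
```

The point for review is that any size check must be performed on the values actually used for allocation, after every adjustment such as rounding or padding has been applied.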