Yeah, browsers (plugins/scripts) are always a big security problem (maybe the big?) . In my opinion as users the first thing to do it's to limit the use of plugins and use a solid and updated browser: as you said, scripts are interpreted, and browser manufactors are able to fix/limit the interpreter (for example firefox now have somehow patched the issue hiding the leak by disabling timers and the SharedArrayBuffer ).