[Chrome] Sanitizer API bypass via prototype pollution (1000)

We discussed this vulnerability during Episode 153 on 26 September 2022

The vulnerability as reported was closed as not a vulnerability, but it did uncover a bug in the Sanitizer API.

When matching an element against the SanitizerConfig, the Sanitizer first classifies the element as regular, custom, or unknown. The bug was that namespaced elements (such as those in the math or svg namespaces) were classified as unknown rather than regular, so they were never checked against the baseline. As a consequence, namespaced elements that should have been dropped were kept.

The root of the report is also an interesting concept: using prototype pollution to target a sanitizer configuration. It's not something I've seen discussed before, so I want to highlight it here. It was decided that doing this is just “JavaScript being JavaScript”, so it was not fixed and should be a viable technique going forward.
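As an added illustration (not code from the episode or from Chromium), here is a plain JavaScript config reader that inherits an allow-list planted on Object.prototype, beside a hardened reader that honours only the caller's own properties. The key names allowElements and dropElements are assumed for the sketch, and the pollution is constructed locally inside a helper that undoes it afterwards.

```javascript
// Added example, not from the episode or Chromium. Shows why a config
// object read with ordinary property access is exposed to prototype
// pollution, and how an own-property reader closes that gap.

// Naive reader: plain property access walks the prototype chain, so a key
// planted on Object.prototype is treated as if the caller had set it.
function readConfigNaive(cfg) {
  return {
    allowElements: cfg.allowElements || [],
    dropElements: cfg.dropElements || [],
  };
}

// Hardened reader: copy only own properties into a null-prototype object,
// so nothing can be inherited from Object.prototype. (Key names assumed.)
function readConfigHardened(cfg) {
  const own = Object.create(null);
  for (const key of ["allowElements", "dropElements"]) {
    if (Object.prototype.hasOwnProperty.call(cfg, key)) {
      own[key] = Array.from(cfg[key]);
    }
  }
  return {
    allowElements: own.allowElements || [],
    dropElements: own.dropElements || [],
  };
}

// Runs fn while Object.prototype carries a constructed polluted key, then
// removes the key so the rest of the process is unaffected.
function withPollutedPrototype(key, value, fn) {
  Object.prototype[key] = value;
  try {
    return fn();
  } finally {
    delete Object.prototype[key];
  }
}

// Constructed caller config: it never mentions allowElements at all.
const callerConfig = { dropElements: ["script"] };

// Compares what each reader believes allowElements is under pollution.
function demo() {
  return withPollutedPrototype("allowElements", ["script"], () => ({
    naive: readConfigNaive(callerConfig).allowElements,
    hardened: readConfigHardened(callerConfig).allowElements,
  }));
}

console.log(demo()); // naive inherits ["script"], hardened stays []
```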