Browser sandbox escapes (historical, various — Chromium / Edge research)

Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.

1 syscalls cited

NtSetIoCompletion
Posts a completion packet to an I/O completion port — the kernel side of PostQueuedCompletionStatus and the delivery vector for PoolParty's forged work items.