React, Flux, GraphQL, Hack, HHVM...? All of this and more!
The browser sandbox has been a very safe environment to develop for. Since the early days of the web access to low level resources has been a no-no in the world of web browser development. There were some proprietary technologies like ActiveX from Microsoft, Flash from Adobe and Java applets from Sun/Oracle that had serious vulnerabilities.
The vulnerabilities in these plugins were due to them running outside of the browsers sandbox. The layer of safety was gone and the plugin developers were responsible for security enforcement (on top of the Operating System level, naturally).
These technologies open up incredible possibilities unthinkable just ten years ago. Running old computer games and even Operating Systems like Windows 95 in browsers by setting the browser to be the compilation target is already being done. Someone will eventually even create a Flash plugin to allow running Adobe Flash in contemporary browsers without the plugin.
This also opens up a world of possibilities for malicious parties. Low level vulnerabilities like Meltdown and Spectre can have unprecedented distribution through the web ecosystem. Simply visiting a website or a web application could compromise your laptop or smartphone at a level unheard of before.
This example from GitHub user idea4good is available publicly and is a perfect example of how the added capabilities add new risks. Not only can you target macOS, Windows and Linux Operating Systems with this, but you can easily reach the billions of mobile devices running Android and iOS.
With great power comes great responsibility (sigh).Tweet