Why Hardware Memory Tagging Isn’t the Security Silver Bullet It Promised to Be

This study shows that ARM’s Memory Tagging Extension can be reliably bypassed in Chrome and the Linux kernel through speculative tag leakage, enabling real-world exploits on modern Android devices.