> you can still cause arbitrary code execution within the process
You start with the ability to do arbitrary code execution, you don't have to find an exploit to do that. And since your WASM code is the only thing in the process, what is an exploit going to let you do that you couldn't already do anyway?
You seem to be confused. Arbitrary code execution is just the ability to run code. It is a security attack when a user that wasn't supposed to be able to run code can now run code. But WASM and JS runtimes would be literally useless if you didn't start with the ability to run arbitrary code. Their sole purpose is to run code. You feed them code, they run it. You were supposed to have the ability to run code, therefore arbitrary code execution is not an exploit here.
Maybe you're confusing it with privilege escalation, though? Or a sandbox escape? But FYI those aren't the same thing. At all.
Alternatively if the worst you've seen on HN is one person seemingly confusing arbitrary code execution with privilege escalation you must not be on HN very much.
You start with the ability to do arbitrary code execution, you don't have to find an exploit to do that. And since your WASM code is the only thing in the process, what is an exploit going to let you do that you couldn't already do anyway?