Another attack on ALSR
https://arstechnica.com/security/201...-much-nastier/
Imho ALSR is not broken in all cases, but only when attacker makes victim to execute malicious program, be it native OS application or Javascript on the web page. It is still good protection against untrusted data parsed by programs such as PDF readers, image viewers, multimedia players.