I'm not aware of an instance where browsers were attacked via that vector, but for example Ruby On Rails was vulnerable to attacks via the JSON Parser: https://www.exploit-db.com/exploits/24434/ (many other frameworks too, I'm just picking this one because I'm familiar with it)