Fine-grained machine code is likely to build more efficient/successful exploit.

But the goal I guess is to run that in one of the whatng cartel web engines (aka "sneaky" javascript), which are by themselves a security flaw already...