
> Enable `#shared-array-buffer` in `chrome:///flags` under your own risk...


SharedArrayBuffer was disabled exactly because vulnerabilities like this are easily exploitable (but there are POCs that don't depend on it).


It was only disabled as a mitigation to these specific attacks, in case you thought it was an experimental or “at your own risk” type of thing.


Disabling SharedArrayBuffer is just stopping the most obvious method of exploitation; it's by no means a fix. Expect a slew of papers over the next few years on other methods of exploitation from JS.


Every single browser had to disable that feature because of those flaws.



