The PS4 is hardware wise a PC with standard APIs except for parts of the MediaCON=Southbridge=Aeolia (Marvell name).
Sony does not allow anyone except Japan programmers to touch Southbridge because that is the ARM Trustzone managed Southbridge TEE (Trusted Execution Environment) for DRM. Sony just sandboxes some of the code running in the APU and hash checks the APU's OS just after it is booted by Southbridge.
For those interested; Sony uses Mono (C# JIT compiler) calling webkit native libraries as a framework to support commercial APPS and Webkit as well as Mono are always loaded. OpenGL ES2 is the Graphics framework and it supports 2D and 3D graphics. Why mono instead of Javascript; because Mono is smaller,faster and easier for them to insure it has no vulnerabilities. This was a speculation of mine a few years ago that I got right.
The above are from recent dumps of the PS4 booting.
So Hacking the APU is no big deal as that is the open world part of the PS4 and since it must support most of the HTML5 calls to support Vidipath including W3C extensions, it is considered vulnerable to hacks which is the reason for Trustzone managed boots, hash checks of the OS and all DRM is behind the ARM Trustzone managed TEE. Given this the hack is to an already running PS4 and at reboot the hack never existed.
So much text and yet nothing you say is confirmed by failoverflow. It's not a standard pc, it doesn't use standard apis at all and they even modified standard stuff like pci bus.
Also I don't know in any way how anyone can talk about html5 in this context.