CHERI can provide heap temporal safety to protect against use-after-free (really, use-after-reallocation; use-after-free is harmless until the point at which the memory is being used for something else, and deferring lets you batch revocation sweeps), it's just not on by default yet as it's a bit too experimental, but we're working to stabilise it more for our next CheriBSD release.