ARM has confirmed the possibility of an attack on systems with Cortex-X2, Cortex-X3, Cortex-A510, Cortex-A520, Cortex-A710, Cortex-A715 and Cortex-A720 processors, but does not intend to make changes to the CPU to block the problem[0], as how the MemTag architecture means that tags are not sensitive data to applications. Chrome's security team acknowledged the issues but won't fix them, as the V8 sandbox isn't designed for memory data confidentiality, and MTE defenses aren't enabled by default.
It's mentioned quite early in the paper but there's a prototype toolkit on GitHub[1] if you want to jump straight into that.
I'm not sure anyone is really surprised by this. Apple for example likewise calls out that you are at risk of an attacker using timing attacks to construct an authentication oracle for PAC, which is much more explicit about when exactly authentication checks actually happen.
It's mentioned quite early in the paper but there's a prototype toolkit on GitHub[1] if you want to jump straight into that.
[0]: https://developer.arm.com/documentation/109544/latest
[1]: https://github.com/compsec-snu/tiktag