Researcher Uses Claude Opus to Build Working Chrome Exploit Chain
Key Takeaways A security researcher successfully used Anthropic’s Claude Opus AI to develop a functional exploit chain for Google Chrome. The exploit targeted an outdated version of the V8...
Key Takeaways
- A security researcher successfully used Anthropic’s Claude Opus AI to develop a functional exploit chain for Google Chrome.
- The exploit targeted an outdated version of the V8 JavaScript engine within the Discord desktop application, leveraging two critical vulnerabilities.
- The demonstration highlights the “patch gap” in Electron-based applications, which often bundle old Chromium versions, leaving users exposed to known N-day exploits.
- While successful, the AI required significant human oversight and resource investment, but the cost-effectiveness suggests a concerning future trend for exploit development.
Amid ongoing discussions about the implications of advanced artificial intelligence in cybersecurity, a recent demonstration has moved beyond theoretical concerns to showcase a tangible threat. A security researcher successfully leveraged Anthropic’s Claude Opus large language model to construct a fully operational exploit chain targeting Google Chrome’s V8 JavaScript engine.
Table Of Content
This experiment underscores a critical vulnerability within the contemporary software ecosystem: the persistent “patch gap.” Many widely used desktop applications, including Discord, Notion, and Slack, are built on the Electron framework and incorporate their own bundled Chromium versions. These integrated Chromium builds frequently lag weeks or months behind official upstream Chrome releases, leaving users exposed to known vulnerabilities that have already been patched in the latest browser versions.
For this specific test, the researcher focused on the Discord desktop application, which was running an outdated Chrome 138 engine. Crucially, because Discord’s main window operates without a sandbox, the exploit required only two vulnerabilities to achieve a full chain, eliminating the need for a third, dedicated sandbox escape mechanism.
Chaining the Vulnerabilities
Through a series of detailed interactions, Claude Opus was guided to develop an exploit utilizing specific unpatched flaws. The AI successfully linked two complex vulnerabilities to achieve Remote Code Execution (RCE):
- CVE-2026-5873: This out-of-bounds (OOB) read and write vulnerability in V8’s Turboshaft compiler for WebAssembly was patched in Chrome 147. It allowed the attacker to bypass bounds checks following tier-up compilation, enabling arbitrary memory manipulation within the V8 heap.
- V8 Sandbox Bypass: A Use-After-Free (UAF) flaw was exploited in the WebAssembly Code Pointer Table (WasmCPT). By corrupting the import dispatch table and exploiting type confusion, the exploit completely bypassed the V8 sandbox, granting full read and write access to the entire virtual address space.
Leveraging these chained primitives, the AI generated a payload that could redirect execution flows to the system’s dyld cache, ultimately enabling the launch of arbitrary system commands on a macOS target.

Despite the successful outcome, the process was far from autonomous. The researcher noted that Claude Opus demanded extensive human oversight, scaffolding, and operational management. The AI frequently experienced context collapse during extended conversations, tended to speculate on memory offsets rather than verifying them, and struggled to independently recover when encountering logical loops.
Over the course of one week, the experiment consumed approximately 2.3 billion tokens across 1,765 requests, incurring a cost of about $2,283 and requiring 20 hours of hands-on guidance. The researcher had to continuously feed debugger (LLDB) output back into the model to maintain its focus, as detailed by Hacktron AI.
Economic Reality and Future Threats
While the exploit development process was labor-intensive, the economic implications of AI-assisted exploitation are significant. Spending roughly $2,300 and a few days of effort to generate a reliable Chrome exploit is highly profitable when compared to commercial bug bounties, which often exceed $10,000 for similar submissions, or the lucrative underground exploit market.
This experiment serves as a stark warning for the cybersecurity industry. While current AI models like Claude Opus still necessitate expert supervision to weaponize vulnerabilities, the technological trajectory is clear. As next-generation models, such as Anthropic’s Mythos, emerge with enhanced reasoning and coding capabilities, the barrier to generating sophisticated exploits is expected to drop dramatically.
Ultimately, the shrinking gap between automated exploit generation and slow vendor patching cycles threatens to empower less sophisticated threat actors to compromise vulnerable software at an unprecedented scale.
What You Should Do
- Update Applications Regularly: Ensure all desktop applications, especially those built on Electron (e.g., Discord, Notion, Slack), are updated to their latest versions to receive critical security patches promptly.
- Prioritize Browser Security: Use the most current version of your web browser (e.g., Google Chrome, Microsoft Edge, Firefox) and enable automatic updates.
- Implement Endpoint Detection and Response (EDR): Deploy EDR solutions to monitor for suspicious activity and potential exploit attempts on endpoints.
- Educate Users: Train users on the importance of software updates and vigilance against social engineering tactics that might deliver exploit payloads.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.