Claude Opus Used to Build Working Chrome Exploit Chain
AI relevance: This demonstration shows that frontier LLMs can now produce functional browser exploit chains with guided human interaction — lowering the barrier to exploit development and accelerating the threat posed by n-day vulnerability windows in Electron-based desktop apps.
A security researcher has published results from an experiment using Claude Opus to construct a fully functional exploit chain targeting Google Chrome's V8 JavaScript engine. The target was the Discord desktop application, which bundles an outdated Chromium build (Chrome 138) and runs without sandboxing on its main window.
The Exploit Chain
Through approximately 1,765 guided API requests over the course of a week, Claude Opus chained two vulnerabilities into a working remote code execution (RCE) primitive on macOS:
- CVE-2026-5873: An out-of-bounds read/write in V8's Turboshaft compiler for WebAssembly. Fixed in Chrome 147, the bug allowed bypassing bounds checks after tier-up compilation, enabling arbitrary memory manipulation within the V8 heap.
- V8 Sandbox Bypass: A use-after-free flaw in the WebAssembly Code Pointer Table (WasmCPT). By corrupting the import dispatch table and exploiting type confusion, the exploit escaped the V8 sandbox, granting full read/write access to the entire virtual address space.
The generated payload redirected execution to the system's dyld cache, enabling arbitrary command execution on the target machine.
Operational Reality Check
The process was not autonomous. The researcher provided continuous scaffolding — feeding LLDB debugger output back into the model, correcting memory offsets, and managing context collapse across long conversations. The total cost was approximately $2,283 in API tokens (2.3 billion tokens) and roughly 20 hours of hands-on guidance.
However, the economics are notable: spending ~$2,300 and a few days to produce a reliable Chrome exploit chain is profitable compared to commercial bug bounties ($10,000+) or underground exploit markets.
Why It Matters
- Electron-based apps (Discord, Slack, Notion, VS Code) bundle their own Chromium builds, often lagging weeks or months behind upstream patches — creating a wide n-day window.
- As models like Anthropic's forthcoming Mythos improve reasoning and coding capabilities, the required human oversight and cost will likely decrease further.
- This bridges the gap between theoretical "AI can write exploits" and demonstrated "AI can write working exploits" — even if still heavily guided.
What to Do
- Keep Electron-based applications updated; the patch gap is the attack surface.
- For security teams: factor AI-assisted exploit generation into your vulnerability management timelines — n-day windows that were once "low risk" are now actively weaponizable at lower cost.
- Monitor Chromium version skew in bundled applications as part of your asset inventory.