Claude Opus Demonstrates AI‑Assisted Chrome Exploit Chain Construction

A security researcher used Anthropic's Claude Opus to automatically combine two V8 vulnerabilities—CVE‑2026‑5873 and a sandbox‑escape flaw—to build a full Chrome exploit chain against an outdated Electron‑based Discord client, highlighting patch‑lag risks, economic incentives, and current AI limitations.

Black & White Path

Part 01: Exploit Chain Construction

The researcher selected the Discord desktop app as the target because it runs on an outdated Chrome 138 engine and its main window lacks sandboxing. Prompted to develop an attack based on unpatched vulnerabilities, Claude Opus chained two complex bugs to achieve remote code execution (RCE):

CVE‑2026‑5873: an out‑of‑bounds read/write in the V8 Turboshaft compiler when handling WebAssembly, fixed in Chrome 147, allowing arbitrary manipulation of V8 heap memory.

V8 Sandbox Bypass: a use‑after‑free in the WebAssembly code pointer table (WasmCPT) that, via import table corruption and type confusion, lets the exploit escape the V8 sandbox and gain read/write access to the entire virtual address space.

Combining these primitives, the model generated a payload that redirected execution to the system dyld cache, enabling arbitrary command execution on a macOS target.

Part 02: Technical Limits and Economic Impact

Despite the success, the process was far from fully automated. Claude Opus required extensive human supervision, framework setup, and operational management. The AI frequently lost context in long conversations, made speculative memory‑offset guesses, and struggled to recover from logical loops.

The experiment lasted one week, consuming roughly 2.3 billion tokens across 1,765 requests, costing about $2,283 and demanding 20 hours of manual guidance. The researcher had to continuously feed debugger (LLDB) output to the model to keep it on track.

Economically, AI‑assisted vulnerability development shows a high return on investment. Generating a reliable Chrome exploit for roughly $2.3k and a few days of work compares favorably to commercial bug‑bounty payouts (often tens of thousands of dollars) or lucrative black‑market sales, indicating significant profit potential.

Part 03: Warning and Outlook

The work serves as a warning to the security community: while current models like Claude Opus still need expert direction to weaponize bugs, the trajectory is clear. Emerging models such as Anthropic’s Mythos, with stronger code‑reasoning abilities, are expected to lower the technical barrier for creating complex exploits.

As automated exploit generation narrows the gap with slow vendor patch cycles, threat actors with modest skills could increasingly compromise vulnerable software at unprecedented scale.
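For defenders, the patch lag described in Part 01 (a Chrome 138 engine against a fix shipped in Chrome 147) can be measured directly. The sketch below is an added example, not code from the researcher or from this article: it flags Electron apps whose bundled Chromium predates the fix, assuming the framework binary embeds a "Chrome/<version>" User-Agent string and the usual macOS bundle layout; the sample bytes are constructed.

```python
import re
from collections import Counter
from pathlib import Path

FIXED_MAJOR = 147  # Chrome release that fixed CVE-2026-5873, per the article

# Assumption: the framework binary embeds Chromium's default User-Agent,
# which carries the engine version as "Chrome/<major>.<minor>.<build>.<patch>".
UA_VERSION = re.compile(rb"Chrome/(\d{2,3})\.(\d+)\.(\d+)\.(\d+)")

# Assumed macOS bundle layout for Electron apps.
FRAMEWORK_GLOB = ("*.app/Contents/Frameworks/Electron Framework.framework/"
                  "Versions/A/Electron Framework")

# Constructed sample bytes standing in for a framework binary (not from a real app).
SAMPLE = (b"\x00\x01Mozilla/5.0 (Macintosh) AppleWebKit/537.36 "
          b"Chrome/138.0.1000.1 Electron/0.0.0 Safari/537.36\x00")

def assess(blob, fixed_major=FIXED_MAJOR):
    """Classify a binary blob by the Chromium version string seen most often in it."""
    seen = Counter(m.groups() for m in UA_VERSION.finditer(blob))
    if not seen:
        return {"status": "unknown", "version": None}
    parts = seen.most_common(1)[0][0]  # heuristic: the most frequent version wins
    status = "outdated" if int(parts[0]) < fixed_major else "ok"
    return {"status": status, "version": b".".join(parts).decode()}

def scan_apps(root="/Applications"):
    """Return {app bundle name: assessment} for Electron apps found under root."""
    results = {}
    for binary in Path(root).glob(FRAMEWORK_GLOB):
        app = binary.relative_to(root).parts[0]
        results[app] = assess(binary.read_bytes())
    return results

if __name__ == "__main__":
    print("sample:", assess(SAMPLE))
    for app, result in sorted(scan_apps().items()):
        print(f"{app}: {result['status']} (Chromium {result['version']})")
```

An "unknown" result means no version string was found, which should be treated as unverified rather than patched.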

Tags: V8, AI security, Claude Opus, Chrome exploit, CVE-2026-5873, sandbox bypass
Written by

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.
