A safety researcher has proven that Anthropic’s Claude Opus may help construct a working browser exploit chain in opposition to Google Chrome’s V8 engine, elevating contemporary issues about how shortly AI can velocity up offensive safety work.
The experiment was printed by Mohan Pedhapati, often known as s1r1us, CTO of Hacktron, and it arrived simply days after Anthropic launched Claude Mythos Preview and Undertaking Glasswing, its new cybersecurity initiative.
In response to Hacktron’s write-up, the goal was Discord Desktop, which was utilizing Chrome 138, an older Chromium construct that lagged far behind present upstream releases.
That issues as a result of outdated Chromium variations can depart recognized browser flaws uncovered for longer, giving attackers extra time to show patched bugs into working exploits.
The exploit chain began with CVE-2026-5873, an out-of-bounds learn and write flaw in V8 that Google mounted in Chrome 147.0.7727.55.
NVD says the bug allowed a distant attacker to execute arbitrary code contained in the Chrome sandbox by means of a crafted HTML web page, making it a severe reminiscence corruption concern by itself.
Hacktron mentioned Claude Opus used patch info and repeated debugging to show that flaw right into a working out-of-bounds primitive, then chained it with a disclosed V8 sandbox bypass to maneuver towards full code execution.
The technical path was advanced, however the primary concept was easy: first achieve reminiscence entry inside V8, then get away of V8’s protections, and at last redirect execution to run a command on the system.
Hacktron’s report says the ultimate proof-of-concept succeeded on ARM64 macOS and launched the Calculator app, a standard manner researchers show that code execution has been achieved.
What makes the story notable isn’t just the exploit itself, however the way it was created. Pedhapati mentioned the work took a couple of week, 22 Claude periods, and 27 failed approaches earlier than the mannequin discovered a sequence that labored.
He additionally mentioned the method consumed about 2.33 billion tokens throughout 1,765 requests, price $2,283 in API utilization, and required roughly 20 hours of human supervision.
In different phrases, Opus didn’t function like a totally autonomous hacker; it behaved extra like a extremely succesful however inconsistent assistant that also wanted sturdy steerage from an skilled researcher.
That time is vital for defenders. The experiment means that right now’s frontier fashions could already be ample to shorten the time required to transform n-day browser bugs into sensible exploit chains, particularly when the goal runs older software program.
Anthropic has made an identical argument in its personal safety messaging, saying that the Claude Mythos Preview demonstrated a degree of cyber functionality that would surpass all however essentially the most expert people find and exploiting vulnerabilities.
Anthropic says that concern is why it’s not broadly releasing Mythos and as an alternative launched Undertaking Glasswing, a program involving main companions reminiscent of AWS, Apple, Cisco, CrowdStrike, Google, Microsoft, Nvidia, and JPMorgan Chase.
The said aim is to make use of superior AI to safe essential software program earlier than attackers achieve the identical benefit.
For safety groups, the lesson is evident. Bundled Chromium in Electron-style desktop apps ought to be tracked as carefully as the principle Chrome browser, and patch delays ought to now be handled as a extra pressing publicity.
AI could not change exploit builders but, however this case reveals it may well already make expert attackers sooner, cheaper, and tougher to disregard.
Comply with us on Google Information, LinkedIn, and X to Get Prompt Updates and Set GBH as a Most well-liked Supply in Google.
