A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work.
The experiment was published by Mohan Pedhapati, also known as s1r1us, CTO of Hacktron, and it arrived just days after Anthropic introduced Claude Mythos Preview and Project Glasswing, its new cybersecurity initiative.
According to Hacktron’s write-up, the target was Discord Desktop, which was using Chrome 138, an older Chromium build that lagged far behind current upstream releases.
That matters because outdated Chromium versions can leave known browser flaws exposed for longer, giving attackers more time to turn patched bugs into working exploits.
The exploit chain started with CVE-2026-5873, an out-of-bounds read and write flaw in V8 that Google fixed in Chrome 147.0.7727.55.
NVD says the bug allowed a remote attacker to execute arbitrary code inside the Chrome sandbox through a crafted HTML page, making it a serious memory corruption issue on its own.
Hacktron said Claude Opus used patch information and repeated debugging to turn that flaw into a working out-of-bounds primitive, then chained it with a disclosed V8 sandbox bypass to move toward full code execution.
The technical path was complex, but the basic idea was simple: first gain memory access inside V8, then break out of V8’s protections, and finally redirect execution to run a command on the system.
Hacktron’s report says the final proof-of-concept succeeded on ARM64 macOS and launched the Calculator app, a common way researchers demonstrate that code execution has been achieved.
What makes the story notable is not just the exploit itself, but how it was created. Pedhapati said the work took about a week, 22 Claude sessions, and 27 failed approaches before the model found a chain that worked.
He also said the process consumed about 2.33 billion tokens across 1,765 requests, cost $2,283 in API usage, and required roughly 20 hours of human supervision.
In other words, Opus did not operate like a fully autonomous hacker; it behaved more like a highly capable but inconsistent assistant that still needed strong guidance from an experienced researcher.
That point is important for defenders. The experiment suggests that today’s frontier models may already be sufficient to shorten the time required to convert n-day browser bugs into practical exploit chains, especially when the target runs older software.
Anthropic has made a similar argument in its own security messaging, saying that the Claude Mythos Preview demonstrated a level of cyber capability that could surpass all but the most skilled humans in finding and exploiting vulnerabilities.
Anthropic says that concern is why it is not broadly releasing Mythos and instead launched Project Glasswing, a program involving major partners such as AWS, Apple, Cisco, CrowdStrike, Google, Microsoft, Nvidia, and JPMorgan Chase.
The stated goal is to use advanced AI to secure critical software before attackers gain the same advantage.
For security teams, the lesson is clear. Bundled Chromium in Electron-style desktop apps should be tracked as closely as the main Chrome browser, and patch delays should now be treated as a more urgent exposure.
AI may not replace exploit developers yet, but this case shows it can already make skilled attackers faster, cheaper, and harder to ignore.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
