AI Model Exploits Chrome Vulnerability in Discord Apps

Severity: High (Score: 67.5)

Sources: www.hacktron.ai, Cybernews, Theregister

Summary

Mohan Pedhapati, CTO of Hacktron, demonstrated the capabilities of Anthropic's Opus 4.6 AI model by creating a functional exploit targeting the V8 JavaScript engine in Chrome 138, which is bundled with Discord. The exploit was developed over a week, costing $2,283 in API usage, and showcased the potential for script kiddies to exploit outdated software. The exploit utilized an out-of-bounds error from Chrome 146, highlighting the risks associated with applications that lag behind the latest security patches. Despite Anthropic's concerns about releasing its Mythos model, the ongoing advancements in AI-driven code generation raise significant security implications. The current state of Electron apps, which often use outdated versions of Chromium, exacerbates the vulnerability landscape. The situation emphasizes the urgent need for improved security measures in software development and deployment. As of now, the exploit demonstrates a clear risk to users of outdated Electron-based applications like Discord.

Key Points

  • Hacktron's CTO used AI to create a Chrome exploit for Discord, costing $2,283.
  • The exploit targets outdated versions of Chrome bundled in Electron apps, posing a significant risk.
  • Advancements in AI models like Opus highlight the need for improved security in software development.

Key Entities

  • Zero-day Exploit (attack_type)
  • Project Glasswing (campaign)
  • Discord (platform)
  • Chromium (platform)
  • Electron (platform)
  • Linux kernel (platform)
  • V8 (platform)
  • CVE-2025-12429 (cve)
  • CVE-2026-3910 (cve)
  • CVE-2026-5873 (cve)
  • CWE-125 - Out-of-bounds Read (cwe)
  • CWE-787 - Out-of-bounds Write (cwe)
  • T1203 - Exploitation for Client Execution (mitre_attack)
  • Chrome (tool)
  • Google Chrome (tool)
  • LLDB (tool)