AI Model Exploits Outdated Chrome Version in Security Test

Severity: High (Score: 67.5)

Sources: Cybernews, Theregister, www.hacktron.ai

Summary

A researcher used Anthropic's Claude Opus to exploit an outdated version of Chrome (138) bundled with Discord, demonstrating the potential for AI to automate exploit development. The exploit was built using known vulnerabilities in the V8 engine, specifically targeting CVE-2026-5873, a remote code execution flaw published on April 8, 2026. The researcher spent approximately $2,283 in API costs and 20 hours guiding the model through the process, which involved handling 2.3 billion tokens. This incident highlights the risks associated with outdated software, particularly applications built on Electron that often lag in updates. The researcher warns that as AI models improve, the ability to create exploit chains will become more accessible, raising concerns about the security of systems running outdated code. The test underscores a significant gap in patching practices and the urgency for organizations to update their software. The implications are serious, as even script kiddies could potentially exploit these vulnerabilities with minimal investment in time and resources. Key Points: • Claude Opus exploited Chrome 138, demonstrating AI's potential in exploit development. • The exploit targeted CVE-2026-5873, a remote code execution vulnerability in V8. • Outdated software in Electron apps poses significant security risks as AI models advance.

Key Entities

• Zero-day Exploit (attack_type)
• Project Glasswing (campaign)
• Discord (platform)
• Chromium (platform)
• Electron (platform)
• Linux kernel (platform)
• V8 (platform)
• CVE-2025-12429 (cve)
• CVE-2026-3910 (cve)
• CVE-2026-5873 (cve)
• Cwe-125 - Out-of-bounds Read (cwe)
• Cwe-787 - Out-of-bounds Write (cwe)
• T1059.007 - JavaScript (mitre_attack)
• T1059 - Command and Scripting Interpreter (mitre_attack)
• T1203 - Exploitation for Client Execution (mitre_attack)
• Chrome (tool)
• Google Chrome (tool)
• LLDB (tool)