A new exploit targeting the V8 JavaScript engine in Google Chrome has been developed using Anthropic’s Opus 4.6 model, which has now been superseded by Opus 4.7. This incident underscores the growing capabilities of AI in generating functional exploit code.
Details of the Exploit
Mohan Pedhapati, the CTO of Hacktron, detailed his experience using Opus 4.6 to create a complete exploit chain. He specifically targeted Chrome version 138, which is integrated into current versions of Discord. The exploit was based on an out-of-bounds error from Chrome version 146, the same version running on Anthropic’s Claude Desktop.
Pedhapati noted that the process required approximately $2,283 in API costs and around 20 hours of work to navigate through challenges. He emphasized that this cost is relatively low compared to the potential rewards from vulnerability reward programs offered by Google and Discord, which can reach around $15,000.
Implications for Security
While Opus 4.7 is said to have safeguards to detect and block high-risk cybersecurity requests, Pedhapati argues that the advancements in AI models for exploit development necessitate a shift in security practices. He pointed out that as these models become more accessible, even individuals with minimal experience could potentially exploit unpatched software.
For applications built on the Chrome-based Electron framework, like Slack and Discord, the situation is particularly concerning. The Electron version 41.2.1, released on April 15, still relies on Chrome 146, which is one version behind the latest Google Chrome release. This delay in updates can leave users vulnerable.
Recommendations for Developers
Pedhapati advises developers to prioritize security during the coding process and to be vigilant about updating dependencies. He suggests that security patches should be implemented automatically to prevent users from remaining vulnerable due to missed updates. Additionally, he calls for open-source projects to exercise caution regarding the public disclosure of vulnerability details, as this information can be exploited by those with access to AI tools.
As AI continues to evolve, the window for patching vulnerabilities may shrink, making proactive security measures increasingly critical.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
