May 28, 2026 · Information Security

12‑Byte Syscall in Browser Sandbox Grants SYSTEM on Windows (CVE‑2026‑40369 PoC)

The article details CVE‑2026‑40369, a Windows kernel flaw in ExpGetProcessInformation where a zero‑length buffer bypasses ProbeForWrite, allowing a browser sandbox process to write arbitrary kernel memory with a 12‑byte syscall, leading to a deterministic, fully‑reliable privilege‑escalation chain that grants SYSTEM without race conditions, and discusses detection and mitigation.

CVE-2026-40369NtQuerySystemInformationWindows kernel

0 likes · 11 min read

12‑Byte Syscall in Browser Sandbox Grants SYSTEM on Windows (CVE‑2026‑40369 PoC)

Black & White Path

Apr 21, 2026 · Information Security

Claude Opus Demonstrates AI‑Assisted Chrome Exploit Chain Construction

A security researcher used Anthropic's Claude Opus to automatically combine two V8 vulnerabilities—CVE‑2026‑5873 and a sandbox‑escape flaw—to build a full Chrome exploit chain against an outdated Electron‑based Discord client, highlighting patch‑lag risks, economic incentives, and current AI limitations.

AI securityCVE-2026-5873Chrome exploit

0 likes · 5 min read

Claude Opus Demonstrates AI‑Assisted Chrome Exploit Chain Construction