Modern web browsers are hardened and complex, yet remain high-value targets for attackers. While 0-day research dominates the headlines, building real-world, reliable exploits often involves chaining multiple vulnerabilities. Even when based on n-days, these exploit chains can offer a fast path to initial access during offensive engagements.

From patch diffing to modern mitigations bypass, this talk explores practical techniques for browser exploit development under real-world constraints. It introduces new methods and tools through the demonstration of an exploit chain leveraging three n-day vulnerabilities targeting recent versions of Google Chrome.