An
exploit chain combines multiple vulnerabilities to achieve a goal that no single exploit could — e.g., remote code execution → sandbox escape → privilege escalation → persistence.
Browser exploits often use 3-part chains: browser RCE + sandbox escape + privilege escalation. Patching any one vulnerability in the chain breaks the entire attack. Defense in depth is critical — stop chains at any link.