So even if the exploit is using vulnerability in Flash, it still needs to escape the Flash sandbox in Chrome.