Simulated PoC for CVE-2025-2783 — a sandbox escape vulnerability in Chrome's Mojo IPC. Includes phishing delivery, memory fuzzing, IPC simulation, and logging. Safe for red team demos, detection engineering, and educational use.
This project simulates a safe and educational proof-of-concept for CVE-2025-2783, a vulnerability in Google Chrome’s Mojo IPC framework that allowed sandbox escape and local code execution on Windows systems.
⚠️ This is not a real exploit. This is a simulated demonstration intended for educational, red teaming, and detection engineering training purposes only.
- 🕵️ Sandbox detection (via `ctypes`)
- 🐍 Mojo-style IPC using Python `multiprocessing.connection`
- 🌐 Phishing payload delivery via local HTTP server
- 🧠 Memory fuzz simulation
- 🔒 Simulated escape only works with crafted handle
- 🪵 Full activity logs to `incident.log`
- OS: Windows 10 (Preferably in a VM)
- Python: 3.8+
- Git (optional)
- Visual Studio Code (recommended)
- Chrome v134.0.6998.142 (for context; not exploited here)
```
CVE-2025-2783/
├── advanced_cve_2025_2783.py   # Main standalone PoC script
├── incident.log                # Logs actions and simulated activity
├── Screenshot_1.png            # (Optional) VS Code split-terminal output
├── Screenshot_2.png            # (Optional) Phishing server directory view
├── README.md                   # Documentation file (this one)
```
- Clone or download the repository, then change into its directory:

```
cd CVE-2025-2783-simulation
```

- Run the script:

```
python advanced_cve_2025_2783.py
```
When prompted:
1 → Starts phishing server
2 → Runs exploit client
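
The IPC and crafted-handle items in the feature list, seen from the broker's side, as an added example that is not the repository's script: the privileged end honours only handles it issued, reads raw bytes instead of calling `recv()` (which unpickles whatever the peer sends), and records every refused value. The `Broker` class, the JSON message shape, the logger name and the resource label are assumptions made for illustration.

```python
import json
import logging
import secrets
import threading
from multiprocessing.connection import Pipe

log = logging.getLogger("ipc-broker")  # hypothetical logger name
MAX_MSG = 4096  # assumed cap on one request, in bytes

class Broker:  # privileged end of the channel (hypothetical class)
    def __init__(self):
        self._issued = {}   # handle -> resource label
        self.rejected = []  # refused values, kept for detection review

    def issue(self, resource):
        handle = secrets.randbits(32)  # opaque, never negative
        self._issued[handle] = resource
        return handle

    def handle_request(self, raw):
        try:
            handle = json.loads(raw)["handle"]
        except (ValueError, KeyError, TypeError):  # malformed request
            handle = None
        if type(handle) is not int or handle not in self._issued:  # bool is an int subclass
            self.rejected.append(handle)
            log.warning("IPC request with unknown handle %r refused", handle)
            return {"ok": False, "error": "invalid-handle"}
        return {"ok": True, "resource": self._issued[handle]}

    def serve(self, conn):
        while True:
            try:  # raw bytes only: recv() would unpickle data chosen by the peer
                raw = conn.recv_bytes(MAX_MSG)
            except (EOFError, OSError):
                break
            conn.send_bytes(json.dumps(self.handle_request(raw)).encode())

def request(conn, handle):
    conn.send_bytes(json.dumps({"op": "use", "handle": handle}).encode())
    return json.loads(conn.recv_bytes(MAX_MSG))

def demo():
    broker = Broker()
    good = broker.issue("render-surface")  # constructed resource label
    broker_end, client_end = Pipe()
    threading.Thread(target=broker.serve, args=(broker_end,), daemon=True).start()
    results = [request(client_end, h) for h in (good, -1, True)]  # -1, True: never issued
    client_end.close()
    return results, broker.rejected
```

Attaching a `logging.FileHandler` to the logger sends the refusals to a file such as `incident.log`, where a refused handle is the event worth alerting on.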