## https://sploitus.com/exploit?id=065FA14F-8469-537A-BCC7-AA641B59B198
# CVE-2025-2783
Simulated PoC for CVE-2025-2783 β a sandbox escape vulnerability in Chrome's Mojo IPC. Includes phishing delivery, memory fuzzing, IPC simulation, and logging. Safe for red team demos, detection engineering, and educational use.
This project simulates a safe and educational proof-of-concept for [CVE-2025-2783](https://nvd.nist.gov/vuln/detail/CVE-2025-2783), a vulnerability in Google Chromeβs Mojo IPC framework that allowed sandbox escape and local code execution on Windows systems.
> β οΈ This is **not a real exploit**. This is a **simulated demonstration** intended for educational, red teaming, and detection engineering training purposes only.
---
## π Features
- π΅οΈ Sandbox detection (via `ctypes`)
- π Mojo-style IPC using Python `multiprocessing.connection`
- π Phishing payload delivery via local HTTP server
- π§ Memory fuzz simulation
- π Simulated escape only works with crafted handle
- πͺ΅ Full activity logs to `incident.log`
---
## π§ͺ Lab Requirements
- OS: Windows 10 (Preferably in a VM)
- Python: 3.8+
- Git (optional)
- Visual Studio Code (recommended)
- Chrome v134.0.6998.142 (for context; not exploited here)
---
## π Folder Structure
CVE-2025-2783/
βββ advanced_cve_2025_2783.py # Main standalone PoC script
βββ incident.log # Logs actions and simulated activity
βββ Screenshot_1.png # (Optional) VS Code split-terminal output
βββ Screenshot_2.png # (Optional) Phishing server directory view
βββ README.md # Documentation file (this one)
---
## π§ How to Use
1. Clone or download the repository:
cd CVE-2025-2783-simulation
python advanced_cve_2025_2783.py
Run the script:
python advanced_cve_2025_2783.py
When prompted:
1 β Starts phishing server
2 β Runs exploit client