## https://sploitus.com/exploit?id=73783F01-78D6-58A5-911B-7B0E41D2725E
# CVE 2025-2783+CVE-2025-6554 fullchain
**Date: 2026/01/26**
[English](./README_EN.md)
Description of files:
- rce.html: CVE-2025-6554 exp
- exploit.dll: CVE-2025-2783 exp
- asm2bin.py: Shellcode conversion script
Create an http server in this directory, then use the command from the Chrome browser to access rce.html. After successful execution, a calculator will open:
```bash
chrome.exe http://ip:port/rce.html
```
Chrome version:
134.0.6998.89 (official version) (64-bit)
Windows 10 x64
Get the code:
```bash
fetch chromium
cd src
git checkout -b 134.0.6998.89 134.0.6998.89
gclient sync -D
```
Commit log:
```bash
commit b623489a994ecb8df7381fcceb54cfd3aafc9c3c (HEAD -> 134.0.6998.89, tag: 134.0.6998.89)
Author: Chrome Release Bot (LUCI)
Date: Fri Mar 7 13:31:39 2025 -0800
Increasing VERSION to 134.0.6998.89
Change-Id: I60b0329de8b4a6638adce6bee0616d21dfe61647
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6336347
Bot-Commit: Chrome Release Bot (LUCI)
Cr-Commit-Position: refs/branch-heads/6998@{#1899}
Cr-Branched-From: de9c6fafd8ae5c6ea0438764076ca7d04a0b165d-refs/heads/main@{#1415337}
```
Build parameters:
```bash
# Set build arguments here. See `gn help buildargs`. is_official_build = true
is_official_build = true
is_debug = false
symbol_level = 2
v8_symbol_level = 2
blink_symbol_level = 2
is_component_build = false
chrome_pgo_phase = 2
proprietary_codecs = true
ffmpeg_branding = "Chrome"
enable_nacl = false
dcheck_always_on = false
optimize_webui = true
target_os = "win"
target_cpu = "x64"
```
**Note 1**: The current sandbox escape exploit uses a lot of hardcoded offsets (will continue to be optimized later). Therefore, the requirements for the Chrome environment are quite strict. Factors like build parameters may directly lead to errors due to hardcoded offsets, resulting in failed exploits. **Note 2**: Please note that you need to modify the download link for exploit.dll in rce.html.