CVE-2025-2783

HIGH KEV

Mojo in Google Chrome <134.0.6998.177 - RCE

Title source: llm

Exploitation Summary

CVE-2025-2783 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 27, 2025. EIP tracks 5 public exploits from researchers including nu11secur1ty, Alchemist3dot14, Leviticus-Triage.

AI-analyzed exploit summary This is a proof-of-concept (PoC) for CVE-2025-2783, demonstrating a sandbox escape and privilege escalation vulnerability in Microsoft Edge's Mojo IPC subsystem. The exploit simulates malicious IPC communication to escape sandbox restrictions and escalate privileges.

Description

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

Exploits (5)

exploitdb WORKING POC

by nu11secur1ty · textwebappswindows

https://www.exploit-db.com/exploits/52403

View Code ZIP pw:eip

This is a proof-of-concept (PoC) for CVE-2025-2783, demonstrating a sandbox escape and privilege escalation vulnerability in Microsoft Edge's Mojo IPC subsystem. The exploit simulates malicious IPC communication to escape sandbox restrictions and escalate privileges.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177

No auth needed

Prerequisites: Python 3.7 or later · Windows 11 Pro · Administrator privileges for full output

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1559 - Inter-Process Communication

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 30 stars

by Alchemist3dot14 · poc

https://github.com/Alchemist3dot14/CVE-2025-2783

View Code ZIP pw:eip

This is a simulated PoC for CVE-2025-2783, demonstrating a sandbox escape vulnerability in Chrome's Mojo IPC framework. It includes phishing delivery, memory fuzzing, and IPC simulation for educational purposes.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Google Chrome v134.0.6998.142

No auth needed

Prerequisites: Windows 10 · Python 3.8+ · Network access for phishing server

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

github SUSPICIOUS 13 stars

by Leviticus-Triage · pythonpoc

https://github.com/Leviticus-Triage/ChromSploit-Framework

View Code ZIP pw:eip

The repository appears to be a framework for Chrome exploits but lacks actual exploit code for CVE-2025-2783. It contains extensive documentation, contribution guidelines, and placeholder structures but no functional PoC or technical details specific to the CVE.

Classification

Suspicious 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: Google Chrome (unspecified version)

No auth needed

Prerequisites: None specified

devstral-2 · analyzed Feb 19, 2026 Full analysis →

nomisec WORKING POC 6 stars

by byteReaper77 · poc

https://github.com/byteReaper77/CVE-2025-2783

View Code ZIP pw:eip

This repository contains a proof-of-concept for CVE-2025-2783, demonstrating a sandbox escape vulnerability in Google Chrome (version 134.0.6998.177) via improper handle validation in the Mojo IPC system. The code simulates the creation of a Mojo message pipe, injection of a fake handle, and attempts to read restricted system files to illustrate a sandbox breakout.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Google Chrome 134.0.6998.177

No auth needed

Prerequisites: Windows environment (32-bit or 64-bit) · GCC or compatible C compiler · Mojo C headers (Chromium IPC library) · Windows SDK for WinAPI functions · argparse.h for command-line parsing

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1559 - Inter-Process Communication

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by aronfour · client-side

https://github.com/aronfour/CVE-2025-2783

View Code ZIP pw:eip

This repository contains a full-chain exploit for CVE-2025-2783, targeting Chromium's Ipcz communication layer to achieve sandbox escape and arbitrary code execution. The exploit leverages a V8 Type Confusion vulnerability and thread hijacking to execute shellcode in a high-privileged context.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Chromium up to 134.0.6998.177

No auth needed

Prerequisites: Chromium version up to 134.0.6998.177 · Windows system · Access to a compromised renderer process

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 09, 2026 Full analysis →

References (3)

Core 3

Core References

Release Notes

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

Permissions Required

https://issues.chromium.org/issues/405143032

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2783

Scores

CVSS v3 8.3

EPSS 0.4396

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2025-03-27

VulnCheck KEV 2025-03-25

ENISA EUVD EUVD-2025-8225

Status published

Products (1)

google/chrome < 134.0.6998.177

Published Mar 26, 2025

KEV Added Mar 27, 2025

Tracked Since Feb 18, 2026