CVE-2025-2783

high

Description

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

References

Exploits
More

https://www.securityweek.com/chrome-138-update-patches-zero-day-vulnerability/

https://www.securityweek.com/chrome-137-update-patches-high-severity-vulnerabilities/

https://thehackernews.com/2025/06/google-chrome-zero-day-cve-2025-2783.html

https://www.theregister.com/2025/06/03/google_chrome_zero_day_emergency_fix/

https://www.securityweek.com/google-researchers-find-new-chrome-zero-day/

https://www.bleepingcomputer.com/news/security/google-patches-new-chrome-zero-day-bug-exploited-in-attacks/

https://thehackernews.com/2025/06/new-chrome-zero-day-actively-exploited.html

https://securityaffairs.com/178560/hacking/google-fixed-the-second-actively-exploited-chrome-zero-day-since-the-start-of-the-year.html

https://www.bleepingcomputer.com/news/security/cisa-tags-recently-patched-chrome-bug-as-actively-exploited-zero-day/

https://securityaffairs.com/177899/security/google-fixed-a-chrome-vulnerability-that-could-lead-to-full-account-takeover.html

https://www.bleepingcomputer.com/news/security/google-fixes-high-severity-chrome-flaw-with-public-exploit/

https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html

https://www.theregister.com/2025/03/28/google_kaspersky_mozilla/

https://therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day

https://thehackernews.com/2025/03/mozilla-patches-critical-firefox-bug.html

https://www.cisa.gov/news-events/alerts/2025/03/27/cisa-adds-one-known-exploited-vulnerability-catalog

https://www.bleepingcomputer.com/news/security/mozilla-warns-windows-users-of-critical-firefox-sandbox-escape-flaw/

https://therecord.media/russian-media-academia-targeted-in-espionage-campaign

https://www.helpnetsecurity.com/2025/03/26/google-fixes-exploited-chrome-sandbox-bypass-zero-day-cve-2025-2783/

https://www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt

https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/

https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html

https://www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/

https://securelist.com/operation-forumtroll/115989/

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

https://issues.chromium.org/issues/405143032

Details

Source: Mitre, NVD

Published: 2025-03-26

Updated: 2025-03-28

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01625

Detections

Analytics