Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html
https://www.theregister.com/2025/03/28/google_kaspersky_mozilla/
https://therecord.media/firefox-sandbox-vulnerability-similar-chrome-zero-day
https://thehackernews.com/2025/03/mozilla-patches-critical-firefox-bug.html
https://therecord.media/russian-media-academia-targeted-in-espionage-campaign
https://www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html
https://www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/
https://securelist.com/operation-forumtroll/115989/
https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
Published: 2025-03-26
Updated: 2025-03-28
Named Vulnerability: Operation ForumTrollKnown Exploited Vulnerability (KEV)
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: Medium
Base Score: 8.3
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: High
EPSS: 0.01625