CVE-2025-2783

HIGH
2025-03-26 [email protected]
8.3
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch Released: Apr 05, 2026 - 14:30 (nvd). Patch available
Analysis Generated: Mar 28, 2026 - 18:33 (vuln.today)
Added to CISA KEV: Oct 24, 2025 - 14:06 (cisa). CISA KEV
PoC Detected: Oct 24, 2025 - 14:06 (vuln.today). Public exploit code
CVE Published: Mar 26, 2025 - 16:15 (nvd). HIGH 8.3

Description

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

Analysis

Google Chrome on Windows contains a Mojo IPC handle validation flaw enabling sandbox escape through a malicious file, exploited in targeted attacks against Russian organizations in March 2025.

Technical Context

The flaw is in Mojo's handle validation on Windows: under unspecified circumstances an incorrect handle is provided, which enables a sandbox escape. When a user interacts with a malicious file, the attacker can execute code outside Chrome's sandbox with the user's full privileges.

Affected Products

Google Chrome on Windows prior to 134.0.6998.177

Remediation

Update Chrome on Windows to 134.0.6998.177 or later immediately; the vulnerability specifically affects Windows. Enable Chrome's enhanced protection mode.

Priority Score

147
KEV: +50
EPSS: +35.6
CVSS: +42
POC: +20
