What is the CVSS score of CVE-2025-2783?

CVE-2025-2783 has a CVSS 3.1 base score of 8.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 35.6%.

Which versions of Windows are affected by CVE-2025-2783?

Organizations using unspecified circumstances in Mojo in Google Chrome on Windows face notable risk from CVE-2025-2783 rated CVSS 8.3.. A patch is available.

Is there a public PoC exploit available for CVE-2025-2783?

Yes, a public proof-of-concept exploit is available for CVE-2025-2783. Prioritise patching immediately. EPSS: 35.6%.

How to fix or mitigate CVE-2025-2783?

Within 24 hours: Identify all affected systems running unspecified circumstances in Mojo in Google Chrome on Window and apply vendor patches immediately. Monitor vendor channels for patch availability.

Windows CVE-2025-2783

HIGH

2025-03-26 chrome-cve-admin@google.com

Windows Information Disclosure Chrome Google Microsoft Suse

8.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 05, 2026 - 14:30 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:33 vuln.today

Added to CISA KEV

Oct 24, 2025 - 14:06 cisa

CISA KEV

PoC Detected

Oct 24, 2025 - 14:06 vuln.today

Public exploit code

CVE Published

Mar 26, 2025 - 16:15 nvd

HIGH 8.3

DescriptionNVD

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

AnalysisAI

Google Chrome on Windows contains a Mojo IPC handle validation flaw enabling sandbox escape through a malicious file, exploited in targeted attacks against Russian organizations in March 2025.

Technical ContextAI

The vulnerability in Mojo's handle validation on Windows provides an incorrect handle that enables sandbox escape. When a user interacts with a malicious file, the flaw allows the attacker to execute code outside Chrome's sandbox with the user's full privileges.

RemediationAI

Update Chrome immediately. This vulnerability specifically affects Windows. Enable Chrome's enhanced protection mode.

More from same product – last 7 days

CVE-2026-10044 HIGH This Week POC

8.2 May 28

{filename} endpoint. The flawed traversal guard only rejects forward slashes and '..' sequences, so absolute Windows pat

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

Vendor StatusVendor

CVE-2025-2783 vulnerability details – vuln.today

Back

Windows CVE-2025-2783

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code