CVE-2025-2783

Published Mar 26, 2025

Last updated 22 days ago

Exploit knownCVSS high 8.3
Windows
Google Chrome

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-2783 is a vulnerability in Google Chrome specifically affecting Windows users. It is described as an "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo is a collection of runtime libraries that facilitates inter-process communication (IPC). This vulnerability allowed attackers to bypass Chrome's sandbox protection. The vulnerability was exploited in the wild as part of a targeted attack dubbed "Operation ForumTroll," which targeted media outlets, educational institutions, and government organizations in Russia. The attack involved phishing emails with malicious links that, when clicked in Chrome, led to immediate infection. The exploit was designed to work with another exploit that enabled remote code execution, although the second exploit was not obtained by researchers. Google has addressed this vulnerability in Chrome version 134.0.6998.177/.178 for Windows.

Description
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.3
Impact score
6
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Google Chromium Mojo Sandbox Escape Vulnerability
Exploit added on
Mar 27, 2025
Exploit action due
Apr 17, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    17 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    16 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. A Google lançou uma atualização emergencial e não programada para corrigir uma falha de segurança grave. A vulnerabilidade, identificada como CVE-2025-2783, foi descoberta por dois pesquisadores da Kaspersky Lab. Confira o artigo completo em nosso site: https://t.co/WWghdpjjxr

    @grupo_redes1

    16 Apr 2025

    16 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    15 Apr 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. A severe zero-day vulnerability (CVE-2025-2783) in Google Chrome has been exploited in real-world attacks, allowing hackers to bypass security protections. Google patched the flaw in version 134.0.6998.177/.178—users are urged to update immediately. https://t.co/Ic2WEtLIMW

    @InformedAlerts

    14 Apr 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. "Google Chrome" brauzerində boşluq (CVE-2025-2783) aşkar olunub. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/50GpNyEDo6

    @CERTAzerbaijan

    9 Apr 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    6 Apr 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. 🚨 ثغرة Zero-day تهدد مستخدمي متصفح Google Chrome! تم اكتشاف ثغرة (CVE-2025-2783) في متصفح Chrome بالإصدارات (177/178.0.6998.134)، والتي قد تُستغل في هجمات سيبرانية حقيقية. 💻 المتصفحات المتأثرة: •Chrome •Edge •Brave •Opera •Vivaldi جميعها مبنية على محرك Chromium، لذا فهي https

    @CyberTask

    6 Apr 2025

    1671 Impressions

    5 Retweets

    28 Likes

    17 Bookmarks

    0 Replies

    0 Quotes

  9. ¿Tienes Chrome actualizado a la última versión? 🧐 Asegúrate de hacerlo ya que soluciona la vulnerabilidad zero-day CVE-2025-2783 que hemos encontrado ✅ 🧐👉 https://t.co/fUljjMdnKY https://t.co/ZPaSgxLrSK

    @KasperskyES

    6 Apr 2025

    293 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    6 Apr 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    5 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. 🦹🏻‍♀️👾 Villain of the Week 👾🦹🏻‍♀️ A high-severity zero-day vulnerability, CVE-2025-2783, has been discovered in Google Chrome's Mojo IPC component, allowing remote attackers to escape the browser sandbox on Windows systems. This flaw was exploited in-the-wild and believed

    @vicariusltd

    3 Apr 2025

    71 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Google Chrome: Actualizare critica pentru remedierea vulnerabilitatii CVE-2025-2783 https://t.co/GNVAOYl8ZY https://t.co/jF71dgYpFL

    @Hit_Ro

    3 Apr 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 A high-severity flaw is actively exploited via phishing, bypassing Chrome’s protections (CVE-2025-2783). Update to 134.0.6998.177/.178. Contact us for help: https://t.co/eY0LLuQQdx Note: only targeting organizations in Russia—but could expand globally. #Cybersecurity https:

    @BTAcyber

    2 Apr 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-2783 (Google Chrome Mojo Sandbox Escape) 🔥 A critical vulnerability in Google Chrome has emerged! CVE-2025-2783 allows remote attackers to escape the browser's sandbox via a malicious file. Explore more on Rapid Risk Radar: https://t.co/ss3kdzzWEp https://t.co/Xl9DBega

    @rapidriskradar

    2 Apr 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 Because of CVE-2025-2783, Steel has migrated all browser infra from chromium to Netscape Navigator 4.08 Rendering speed? Unmatched (if you wait long enough). https://t.co/vlsVIXNbWX

    @steeldotdev

    1 Apr 2025

    754 Impressions

    4 Retweets

    22 Likes

    3 Bookmarks

    0 Replies

    1 Quote

  17. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    1 Apr 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783). Threat actors are exploiting this Vulnerability under a campaigned named "Operation ForumTroll" https://t.co/koofYZSFRc

    @Ashutosh__048

    1 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 Chrome Zero-Day Flaw Discovered! Kaspersky Blocks APT Cyberattack 💻 Kaspersky has discovered a critical zero-day vulnerability (CVE-2025-2783) in Chrome, allowing sandbox bypass via malicious links. Google has patched the flaw as of March 25. 📍 Attack Overview ✅ Operation

    @shinO7_O7

    1 Apr 2025

    154 Impressions

    4 Retweets

    31 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. https://t.co/uduwFnCjh5 Google Chrome è stato interessato da CVE-2025-2783 https://t.co/eVd6vWeyaY

    @palmacci24838

    31 Mar 2025

    9 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Firefox users, update now! A critical bug (CVE-2025-2857) just got patched same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. https://t.co/GvPy7ROC6I

    @achi_tech

    31 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Google Chrome Zero-Day Alert! 🕵️‍♂️ Cyber-espionage campaign exploiting a Chrome vulnerability (CVE-2025-2783) is active! ⚠️ Hackers are using phishing emails to bypass Chrome’s sandbox protection. ✅ Fix coming soon—update ASAP & avoid suspicious links!

    @CyberThreat_Int

    31 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. New Chrome & Firefox zero-days: Here’s what you need to know! - Attackers exploited a Chrome sandbox flaw (CVE-2025-2783) to target Russian journalists & gov agencies. - Mozilla found a similar unpatched Firefox bug (CVE-2025-2857). - Update your browser ASAP! #CyberSec

    @Shift6Security

    31 Mar 2025

    46 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    31 Mar 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Google ha corretto la vulnerabilità zero-day CVE-2025-2783 scoperta da due ricercatori di Kaspersky. #TFsoluzioniinformatiche #TECHFIVE2012 https://t.co/3UVwecVBv6

    @TECHFIVE2012

    31 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Atención usuarios de Chrome! La vulnerabilidad CVE-2025-2783 está siendo explotada en ataques. Es crucial actualizar tu navegador a la última versión para proteger tus datos. https://t.co/QPplVM7RBt

    @Ulul4r

    31 Mar 2025

    8482 Impressions

    8 Retweets

    13 Likes

    3 Bookmarks

    0 Replies

    2 Quotes

  27. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    30 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. Google has patched a previously unknown vulnerability in the Chrome browser that was used to deliver spyware to Russian users. The zero-day vulnerability, dubbed CVE-2025-2783, created an attack that could infect a Windows PC if the user clicked on a malicious link. https://t.co

    @EngineerOboko

    30 Mar 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. 🛡️ Cybersecurity News of the Week – March 25-31, 2025 🛡️ Here are the biggest cybersecurity stories you need to know this week: 🔹 🚨 Google Chrome Users Targeted by Sophisticated Malware A new zero-day vulnerability (CVE-2025-2783) is being exploited in cyber-espionage

    @JaidenCyberSec

    29 Mar 2025

    343 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  30. 🚨 Heads up! Google just patched a serious Chrome vulnerability (CVE-2025-2783) used in phishing attacks. Update to version 134.0.6998.178 to stay secure! How often do you check for your browser updates? Let's talk about it!

    @Khalikov90

    29 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. CISA adds a critical Chromium sandbox escape flaw (CVE-2025-2783) to its Known Exploited Vulnerabilities catalog—actively exploited in the wild. Patch Chrome, Edge, or Opera now to avoid compromise. Details: https://t.co/jcJ872yqq7

    @RedTeamNewsBlog

    29 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Hackers are targeting Chrome users! 🛡️A critical flaw (CVE-2025-2783) puts your data at risk. 👉🏻 Swipe through to learn simple steps to secure your browser and stay safe online. #GoogleChrome #CyberSecurity #OnlineSafety https://t.co/OZx9efN52V

    @AsianetNewsEN

    29 Mar 2025

    111 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  33. CVE-2025-2857: New Firefox Sandbox Escape Emerges Following Active Exploitation of CVE-2025-2783 https://t.co/K1KXm6HunP

    @samilaiho

    29 Mar 2025

    804 Impressions

    2 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  34. それでChromeもEdgeもバージョンアップがあったのか Google Chromeのゼロデイ脆弱性「CVE-2025-2783」が発覚。米当局は「Chromium」ベースのブラウザ全般が影響を受ける可能性を指摘し、注意喚起を行った #Chrome https://t.co/3QVfMYjveV

    @HiroshiYoshida_

    29 Mar 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    29 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  36. CISA has added a high-severity Google Chromium vulnerability, CVE-2025-2783, to its catalog after active exploitation against Russian organizations. Users must update Chrome for Windows. 🇷🇺 #CISA #Vulnerability #GoogleChrome link: https://t.co/vgJx9qYI6T https://t.co/3S6V2WRO5

    @TweetThreatNews

    28 Mar 2025

    72 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Mozilla corrige un error crítico de Firefox similar a la reciente vulnerabilidad de día cero de Chrome. Tras el reciente escape del entorno sandbox de Chrome (CVE-2025-2783), varios desarrolladores de Firefox identificaron un patrón similar. #cybersecurity https://t.co/wClmorAW0j

    @EHCGroup

    28 Mar 2025

    45 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-2783 #Google Chromium Mojo Sandbox Escape Vulnerability https://t.co/6GZiPZ81sT

    @ScyScan

    28 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. So @oct0xor & @2igosha have discovered a @googlechrome 0-day, being used in targeted attacks to deliver sophisticated #spyware. Recently it was just fixed 👉 CVE-2025-2783 . They are finally revealing the first details about it: "#OperationForumTroll” https://t.co/XI0UvLRM

    @StringsVsAtoms

    28 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Google has confirmed a series of cyber-espionage attacks affecting Chrome users, involving highly sophisticated malware triggered by phishing emails. Researchers from Kaspersky identified that the malware exploits a zero-day vulnerability, CVE-2025-2783, allowing attackers

    @CyberThreat_Int

    28 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  41. 🚨 A Vulnerability exists in Google Chrome (CVE-2025-2783). Please see the @ncsc_gov_ie advisory for more information: https://t.co/tHxNZWf7mU

    @ncsc_gov_ie

    28 Mar 2025

    216 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/CQNloIATjh 🔒 Patch now. https://t.co/vHDrB29evZ

    @CryptoDaku_

    28 Mar 2025

    5394 Impressions

    14 Retweets

    53 Likes

    1 Bookmark

    6 Replies

    0 Quotes

  43. ⚠️ Vulnerability Alert: Critical Vulnerabilities in Google Chrome and Sitecore CMS 📅 Timeline: Disclosure: 2025-03-26, Action Due: 2025-04-17 🆔 CVE IDs: CVE-2025-2783, CVE-2019-9874, CVE-2019-9875 📊 Base Scores: CVE-2025-2783: 8.8 (High) CVE-2019-9874: 9.8 (Critical)

    @syedaquib77

    28 Mar 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  44. Google patches critical Chrome zero-day used to spy on Russian users. CVE-2025-2783 exploited a flaw between Chrome’s sandbox and Windows’ Mojo code. Attackers used phishing emails posing as invites to the “Primakov Readings” summit. https://t.co/6NFvzTuU7r

    @PCMag

    28 Mar 2025

    1100 Impressions

    1 Retweet

    1 Like

    2 Bookmarks

    0 Replies

    0 Quotes

  45. Kaspersky, Google Chrome’da saldırganların sandbox güvenliğini aşmasını sağlayan CVE-2025-2783 kodlu sıfır gün açığını tespit etti. Chrome kullanıcılarının acilen güncelleme yapması öneriliyor. https://t.co/bAGlN9Piam

    @PatronKulubu

    28 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 📢 Nuestras tecnologías de detección de exploits han ayudado a detectar la vulnerabilidad zero-day CVE-2025-2783 en Google Chrome, que fue utilizada en un sofisticado ataque APT. 🕵️ https://t.co/jFSl7mIBog

    @KasperskyES

    28 Mar 2025

    301 Impressions

    2 Retweets

    6 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  47. 🚨 New APT alert: Operation ForumTroll exploits a zero-day in #Chrome (CVE-2025-2783) to target high-profile users via phishing. Google issued a patch—are you updated? 🔍 Read the full analysis: https://t.co/ZpRJtGSqL6 #Cybersecurity #APT #Infosec #ThreatIntel

    @threatsbank

    28 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. The root cause of the Chrome 0-day vulnerability CVE-2025-2783, which we discovered used in attacks with sophisticated malware, also affects the Firefox! New CVE-2025-2857 has just been fixed in Firefox 136.0.4, and you can read about what led to its discovery at the link below.

    @oct0xor

    28 Mar 2025

    8691 Impressions

    16 Retweets

    96 Likes

    32 Bookmarks

    1 Reply

    3 Quotes

  49. Critical Firefox 0-Day: CVE-2025-2857 enables sandbox escape after active exploitation of CVE-2025-2783. Urgent update required—attackers gain elevated privileges. https://t.co/BSjk97f5mG #CyberSecurity #ZeroDay

    @adriananglin

    28 Mar 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. 🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/Eu3sPhTeTX 🔒 Patch now | Spread the word | Stay safe https://t.co/L3yW4aP

    @dysafhackx

    28 Mar 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations