CVE-2025-2783

Published Mar 26, 2025

Last updated 2 days ago

Exploit knownCVSS high 8.3
Windows
Google Chrome

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-2783 is a vulnerability in Google Chrome specifically affecting Windows users. It is described as an "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo is a collection of runtime libraries that facilitates inter-process communication (IPC). This vulnerability allowed attackers to bypass Chrome's sandbox protection. The vulnerability was exploited in the wild as part of a targeted attack dubbed "Operation ForumTroll," which targeted media outlets, educational institutions, and government organizations in Russia. The attack involved phishing emails with malicious links that, when clicked in Chrome, led to immediate infection. The exploit was designed to work with another exploit that enabled remote code execution, although the second exploit was not obtained by researchers. Google has addressed this vulnerability in Chrome version 134.0.6998.177/.178 for Windows.

Description
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.3
Impact score
6
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Google Chromium Mojo Sandbox Escape Vulnerability
Exploit added on
Mar 27, 2025
Exploit action due
Apr 17, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

62

  1. 🛡️ Cybersecurity News of the Week – March 25-31, 2025 🛡️ Here are the biggest cybersecurity stories you need to know this week: 🔹 🚨 Google Chrome Users Targeted by Sophisticated Malware A new zero-day vulnerability (CVE-2025-2783) is being exploited in cyber-espionage

    @JaidenCyberSec

    29 Mar 2025

    247 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  2. 🚨 Heads up! Google just patched a serious Chrome vulnerability (CVE-2025-2783) used in phishing attacks. Update to version 134.0.6998.178 to stay secure! How often do you check for your browser updates? Let's talk about it!

    @Khalikov90

    29 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA adds a critical Chromium sandbox escape flaw (CVE-2025-2783) to its Known Exploited Vulnerabilities catalog—actively exploited in the wild. Patch Chrome, Edge, or Opera now to avoid compromise. Details: https://t.co/jcJ872yqq7

    @RedTeamNewsBlog

    29 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. それでChromeもEdgeもバージョンアップがあったのか Google Chromeのゼロデイ脆弱性「CVE-2025-2783」が発覚。米当局は「Chromium」ベースのブラウザ全般が影響を受ける可能性を指摘し、注意喚起を行った #Chrome https://t.co/3QVfMYjveV

    @HiroshiYoshida_

    29 Mar 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    29 Mar 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. CISA has added a high-severity Google Chromium vulnerability, CVE-2025-2783, to its catalog after active exploitation against Russian organizations. Users must update Chrome for Windows. 🇷🇺 #CISA #Vulnerability #GoogleChrome link: https://t.co/vgJx9qYI6T https://t.co/3S6V2WRO5

    @TweetThreatNews

    28 Mar 2025

    72 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Mozilla corrige un error crítico de Firefox similar a la reciente vulnerabilidad de día cero de Chrome. Tras el reciente escape del entorno sandbox de Chrome (CVE-2025-2783), varios desarrolladores de Firefox identificaron un patrón similar. #cybersecurity https://t.co/wClmorAW0j

    @EHCGroup

    28 Mar 2025

    45 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-2783 #Google Chromium Mojo Sandbox Escape Vulnerability https://t.co/6GZiPZ81sT

    @ScyScan

    28 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. So @oct0xor & @2igosha have discovered a @googlechrome 0-day, being used in targeted attacks to deliver sophisticated #spyware. Recently it was just fixed 👉 CVE-2025-2783 . They are finally revealing the first details about it: "#OperationForumTroll” https://t.co/XI0UvLRM

    @StringsVsAtoms

    28 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Google has confirmed a series of cyber-espionage attacks affecting Chrome users, involving highly sophisticated malware triggered by phishing emails. Researchers from Kaspersky identified that the malware exploits a zero-day vulnerability, CVE-2025-2783, allowing attackers

    @CyberThreat_Int

    28 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. 🚨 A Vulnerability exists in Google Chrome (CVE-2025-2783). Please see the @ncsc_gov_ie advisory for more information: https://t.co/tHxNZWf7mU

    @ncsc_gov_ie

    28 Mar 2025

    216 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/CQNloIATjh 🔒 Patch now. https://t.co/vHDrB29evZ

    @CryptoDaku_

    28 Mar 2025

    5394 Impressions

    14 Retweets

    53 Likes

    1 Bookmark

    6 Replies

    0 Quotes

  13. ⚠️ Vulnerability Alert: Critical Vulnerabilities in Google Chrome and Sitecore CMS 📅 Timeline: Disclosure: 2025-03-26, Action Due: 2025-04-17 🆔 CVE IDs: CVE-2025-2783, CVE-2019-9874, CVE-2019-9875 📊 Base Scores: CVE-2025-2783: 8.8 (High) CVE-2019-9874: 9.8 (Critical)

    @syedaquib77

    28 Mar 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Google patches critical Chrome zero-day used to spy on Russian users. CVE-2025-2783 exploited a flaw between Chrome’s sandbox and Windows’ Mojo code. Attackers used phishing emails posing as invites to the “Primakov Readings” summit. https://t.co/6NFvzTuU7r

    @PCMag

    28 Mar 2025

    1100 Impressions

    1 Retweet

    1 Like

    2 Bookmarks

    0 Replies

    0 Quotes

  15. Kaspersky, Google Chrome’da saldırganların sandbox güvenliğini aşmasını sağlayan CVE-2025-2783 kodlu sıfır gün açığını tespit etti. Chrome kullanıcılarının acilen güncelleme yapması öneriliyor. https://t.co/bAGlN9Piam

    @PatronKulubu

    28 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 📢 Nuestras tecnologías de detección de exploits han ayudado a detectar la vulnerabilidad zero-day CVE-2025-2783 en Google Chrome, que fue utilizada en un sofisticado ataque APT. 🕵️ https://t.co/jFSl7mIBog

    @KasperskyES

    28 Mar 2025

    301 Impressions

    2 Retweets

    6 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  17. 🚨 New APT alert: Operation ForumTroll exploits a zero-day in #Chrome (CVE-2025-2783) to target high-profile users via phishing. Google issued a patch—are you updated? 🔍 Read the full analysis: https://t.co/ZpRJtGSqL6 #Cybersecurity #APT #Infosec #ThreatIntel

    @threatsbank

    28 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. The root cause of the Chrome 0-day vulnerability CVE-2025-2783, which we discovered used in attacks with sophisticated malware, also affects the Firefox! New CVE-2025-2857 has just been fixed in Firefox 136.0.4, and you can read about what led to its discovery at the link below.

    @oct0xor

    28 Mar 2025

    8691 Impressions

    16 Retweets

    96 Likes

    32 Bookmarks

    1 Reply

    3 Quotes

  19. Critical Firefox 0-Day: CVE-2025-2857 enables sandbox escape after active exploitation of CVE-2025-2783. Urgent update required—attackers gain elevated privileges. https://t.co/BSjk97f5mG #CyberSecurity #ZeroDay

    @adriananglin

    28 Mar 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/Eu3sPhTeTX 🔒 Patch now | Spread the word | Stay safe https://t.co/L3yW4aP

    @dysafhackx

    28 Mar 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/OJaaQiyKOq 🔒 Patch now | Spread the word | Stay safe

    @TheHackersNews

    28 Mar 2025

    68091 Impressions

    105 Retweets

    217 Likes

    34 Bookmarks

    6 Replies

    1 Quote

  22. CISA added the Google Chromium Mojo sandbox escape vulnerability (CVE-2025-2783) to its Known Exploited Vulnerabilities (KEV) catalog. https://t.co/98DsTUtl3i #CISA #google #chromium #vulnerabilities #cve #CyberSecurity #threatresq

    @ThreatResq

    28 Mar 2025

    38 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    28 Mar 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. 🚨 #Google #Chrome #CVE-2025-2783: Critical Sandbox Escape Vulnerability Exploited in the Wild https://t.co/d4t3kYgEmw

    @UndercodeNews

    27 Mar 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨 Zero-Day en Chrome Google parcheó CVE-2025-2783, una vulnerabilidad crítica en Chrome para Windows explotada activamente en ataques contra organizaciones rusas. 📰 Más info: https://t.co/Uf1CK1Hrsd #Ciberseguridad #ZeroDay #Chrome

    @Cyph3R_CyberSec

    27 Mar 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Important security update: @opera and @operagxofficial have received a security fix for the latest zero-day vulnerability in Chromium: CVE-2025-2783 Update now to the latest versions: - Opera version 117.0.5408.163 - Opera GX version 117.0.5408.162 https://t.co/cwF5pYXWkl

    @Opera_Security

    27 Mar 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🛡️ We added Google Chrome vulnerability CVE-2025-2783 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/b9o6v58zrB

    @CISACyber

    27 Mar 2025

    5976 Impressions

    35 Retweets

    43 Likes

    5 Bookmarks

    1 Reply

    3 Quotes

  28. 🛡️Nuevo ataque Zero-Day en Google Chrome: no hace falta más que un clic para caer ⚠️ Una nueva vulnerabilidad crítica (CVE-2025-2783) fue explotada en ataques reales, sin requerir que la víctima hiciera más que abrir un enlace en Chrome. Fue descubierto por Kaspersky. Este ht

    @CycuraMX

    27 Mar 2025

    5364 Impressions

    52 Retweets

    106 Likes

    28 Bookmarks

    0 Replies

    1 Quote

  29. 🚨 CVE-2025-2783 🔴 HIGH (8.3) 🏢 Google - Chrome 🏗️ 134.0.6998.177 🔗 https://t.co/vEuW1ycpLt 🔗 https://t.co/c3qsHYpS2H #CyberCron #VulnAlert #InfoSec https://t.co/GSYLJi94BK

    @cybercronai

    27 Mar 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. CVE-2025-2857: New Firefox Sandbox Escape Emerges Following Active Exploitation of CVE-2025-2783 https://t.co/BcZaEdrIQB

    @Dinosn

    27 Mar 2025

    3065 Impressions

    16 Retweets

    43 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 Chrome zero-day exploited in the wild... Google patches CVE-2025-2783, a high-severity flaw in Chrome for Windows—actively used in attacks on Russian orgs. https://t.co/W1keFLSq81

    @achi_tech

    27 Mar 2025

    34 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨BREAKING: Google patches the FIRST Chrome zero-day of 2025 (CVE-2025-2783) exploited in wild attacks on Russian orgs! Update NOW to stay safe. #Cybersecurity #ChromeUpdate #ZeroDay 👇 https://t.co/Cnu3u5WFIf

    @_F2po_

    27 Mar 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. CVE-2025-2857 Following the sandbox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to confuse the parent proces… https://t.co/dvfomQ4vCs

    @CVEnew

    27 Mar 2025

    189 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨 Critical Chrome update alert! CVE-2025-2783 patched - a zero-day vulnerability exploited in phishing attacks targeting Russian organizations. Update your browser ASAP to stay secure! #CyberSecurity #TechUpdate #GoogleChrome https://t.co/QzFMUd1fXe

    @HexcladSecurity

    27 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Actively exploited CVE : CVE-2025-2783

    @transilienceai

    27 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  36. 🚨 Critical Security Alert 🚨 A newly discovered CVE-2025-2783 vulnerability in Google Chrome allows attackers to bypass the browser’s sandbox protections. It is actively being exploited in a targeted APT campaign called Operation ForumTroll, focusing on media and educational ht

    @s3rkanbil3n

    27 Mar 2025

    210 Impressions

    0 Retweets

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨 Critical Security Alert 🚨 A newly discovered CVE-2025-2783 vulnerability in Google Chrome allows attackers to bypass the browser’s sandbox protections. It is actively being exploited in a targeted APT campaign called Operation ForumTroll, focusing on media and educational ht

    @s3rkanbil3n

    27 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨 𝐙𝐞𝐫𝐨-𝐃𝐚𝐲 𝐀𝐥𝐞𝐫𝐭! 🚨 Google has just patched a high-severity vulnerability in Chrome, actively exploited in espionage attacks against Russian organizations. The flaw, CVE-2025-2783, targets Windows systems and has been used in sophisticated phishing campaigns. https

    @viehgroup

    27 Mar 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. グーグル、スパイ活動キャンペーンで悪用されたChromeのゼロデイ脆弱性を修正(CVE-2025-2783) https://t.co/KQlwPgNPmd Googleは、ロシアのメディアや教育機関を狙ったスパイ攻撃に利用されたChromeのゼロデイ脆弱性(CVE-2025-2783)を修正しました。 #Security #セキュリティ #ニュース

    @SecureShield_

    27 Mar 2025

    46 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  40. ZERO-DAY ALERT! Google just patched CVE-2025-2783, a critical Chrome vulnerability exploited in Russian espionage attacks. Linked to Operation Forum Troll, this flaw allows sandbox bypass via phishing emails. #cybersecurity #chromeupdate #zeroday #APTattack https://t.co/1LBSig0

    @Privarase

    27 Mar 2025

    72 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 🚨 URGENT: Hackers are exploiting a Google Chrome Zero-Day (CVE-2025-2783) They can: Bypasses security Runs malicious code Steals data Update Chrome NOW & use advanced security solutions to stay safe #CyberSecurity #ZeroDayAttack #GoogleChrome https://t.co/kqlT282Daw

    @XownSolutions

    27 Mar 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Google Patches Actively Exploited Chrome Zero-Day (CVE-2025-2783) in Espionage Campaign https://t.co/rxWN3EDqsR #CyberSecurity #GoogleChrome #ZeroDay #Cybernews #Cyberinsights #ThreatIntel #AIdrivenGRC #ASM #Cloudsecurity #Cytrusst https://t.co/KYA1vbsUvg

    @cytrusst

    27 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Recent, un grup de actori statali a exploatat o vulnerabilitate zero-day, identificată ca CVE-2025-2783, în browserul Google #Chrome pentru o operațiune de spionaj denumită #ForumTroll ce viza publicații media și instituții educaționale din #Rusia . https://t.co/rSRTBVpgjr

    @hackuritate

    27 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 【ニュース💬📃】当社のグローバル調査分析チーム(GReAT)は、Google Chromeのゼロデイ脆弱性( #CVE-2025-2783 )を特定しました。この脆弱性を悪用した攻撃では、悪意のあるリンクをクリックするだけでマルウェアに感染する可能性があり、非常に高度な技術が用いられていました。 https://t.co/QlR6ARbF8h

    @kaspersky_japan

    27 Mar 2025

    1210 Impressions

    4 Retweets

    12 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  45. 📢 CiberSeguridad en menos de 5 minutos 🕵️ Zero-Day en Chrome usado en espionaje – CVE-2025-2783 permitía ejecutar código fuera del sandbox; usado en la campaña Operation ForumTroll contra medios y entidades gubernamentales. 🪪 Vulnerabilidad en Windows filtra hashes NTLM – Día

    @Seifreed

    27 Mar 2025

    933 Impressions

    5 Retweets

    30 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  46. 【ニュース💬📃】当社のグローバル調査分析チーム(GReAT)は、Google Chromeのゼロデイ脆弱性(CVE-2025-2783)を特定しました。この脆弱性を悪用した攻撃では、悪意のあるリンクをクリックするだけでマルウェアに感染する可能性があり、非常に高度な技術が用いられていました。 🔹 https://t.co/3e4hWqLHz0

    @kaspersky_japan

    27 Mar 2025

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Google has released a security update to fix a critical Chrome zero-day vulnerability (CVE-2025-2783) that was actively exploited in cyber-espionage attacks. #Google #vulnerabilitymatters https://t.co/PiB4lDsUld

    @OfficialAbijita

    27 Mar 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Google Chrome was affected by CVE-2025-2783 #GoogleChrome #CVE-2025-2783 https://t.co/72oKFNf28s

    @pravin_karthik

    27 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Google が Chrome サンドボックス バイパス ゼロデイ脆弱性 (CVE-2025-2783) を修正 Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) #HelpNetSecurity (Mar 26) https://t.co/tcuspWapMF

    @foxbook

    26 Mar 2025

    283 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. 🚨 Cybersecurity Update: Key Developments You Should Know 🚨 Google Chrome Users Targeted in Cyber-Espionage Campaign A sophisticated malware campaign, dubbed "Operation ForumTroll," has been exploiting a zero-day vulnerability (CVE-2025-2783) in Chrome. Targets include media ht

    @cyberakira_ltd

    26 Mar 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations