CVE-2025-2783
Published Mar 26, 2025
Last updated 22 days ago
AI description
CVE-2025-2783 is a vulnerability in Google Chrome specifically affecting Windows users. It is described as an "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo is a collection of runtime libraries that facilitates inter-process communication (IPC). This vulnerability allowed attackers to bypass Chrome's sandbox protection. The vulnerability was exploited in the wild as part of a targeted attack dubbed "Operation ForumTroll," which targeted media outlets, educational institutions, and government organizations in Russia. The attack involved phishing emails with malicious links that, when clicked in Chrome, led to immediate infection. The exploit was designed to work with another exploit that enabled remote code execution, although the second exploit was not obtained by researchers. Google has addressed this vulnerability in Chrome version 134.0.6998.177/.178 for Windows.
- Description
- Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 8.3
- Impact score
- 6
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Google Chromium Mojo Sandbox Escape Vulnerability
- Exploit added on
- Mar 27, 2025
- Exploit action due
- Apr 17, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Actively exploited CVE : CVE-2025-2783
@transilienceai
17 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
16 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Google lançou uma atualização emergencial e não programada para corrigir uma falha de segurança grave. A vulnerabilidade, identificada como CVE-2025-2783, foi descoberta por dois pesquisadores da Kaspersky Lab. Confira o artigo completo em nosso site: https://t.co/WWghdpjjxr
@grupo_redes1
16 Apr 2025
16 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
15 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A severe zero-day vulnerability (CVE-2025-2783) in Google Chrome has been exploited in real-world attacks, allowing hackers to bypass security protections. Google patched the flaw in version 134.0.6998.177/.178—users are urged to update immediately. https://t.co/Ic2WEtLIMW
@InformedAlerts
14 Apr 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
"Google Chrome" brauzerində boşluq (CVE-2025-2783) aşkar olunub. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/50GpNyEDo6
@CERTAzerbaijan
9 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
6 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 ثغرة Zero-day تهدد مستخدمي متصفح Google Chrome! تم اكتشاف ثغرة (CVE-2025-2783) في متصفح Chrome بالإصدارات (177/178.0.6998.134)، والتي قد تُستغل في هجمات سيبرانية حقيقية. 💻 المتصفحات المتأثرة: •Chrome •Edge •Brave •Opera •Vivaldi جميعها مبنية على محرك Chromium، لذا فهي https
@CyberTask
6 Apr 2025
1671 Impressions
5 Retweets
28 Likes
17 Bookmarks
0 Replies
0 Quotes
¿Tienes Chrome actualizado a la última versión? 🧐 Asegúrate de hacerlo ya que soluciona la vulnerabilidad zero-day CVE-2025-2783 que hemos encontrado ✅ 🧐👉 https://t.co/fUljjMdnKY https://t.co/ZPaSgxLrSK
@KasperskyES
6 Apr 2025
293 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
6 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
5 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🦹🏻♀️👾 Villain of the Week 👾🦹🏻♀️ A high-severity zero-day vulnerability, CVE-2025-2783, has been discovered in Google Chrome's Mojo IPC component, allowing remote attackers to escape the browser sandbox on Windows systems. This flaw was exploited in-the-wild and believed
@vicariusltd
3 Apr 2025
71 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Chrome: Actualizare critica pentru remedierea vulnerabilitatii CVE-2025-2783 https://t.co/GNVAOYl8ZY https://t.co/jF71dgYpFL
@Hit_Ro
3 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A high-severity flaw is actively exploited via phishing, bypassing Chrome’s protections (CVE-2025-2783). Update to 134.0.6998.177/.178. Contact us for help: https://t.co/eY0LLuQQdx Note: only targeting organizations in Russia—but could expand globally. #Cybersecurity https:
@BTAcyber
2 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2783 (Google Chrome Mojo Sandbox Escape) 🔥 A critical vulnerability in Google Chrome has emerged! CVE-2025-2783 allows remote attackers to escape the browser's sandbox via a malicious file. Explore more on Rapid Risk Radar: https://t.co/ss3kdzzWEp https://t.co/Xl9DBega
@rapidriskradar
2 Apr 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Because of CVE-2025-2783, Steel has migrated all browser infra from chromium to Netscape Navigator 4.08 Rendering speed? Unmatched (if you wait long enough). https://t.co/vlsVIXNbWX
@steeldotdev
1 Apr 2025
754 Impressions
4 Retweets
22 Likes
3 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-2783
@transilienceai
1 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783). Threat actors are exploiting this Vulnerability under a campaigned named "Operation ForumTroll" https://t.co/koofYZSFRc
@Ashutosh__048
1 Apr 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Chrome Zero-Day Flaw Discovered! Kaspersky Blocks APT Cyberattack 💻 Kaspersky has discovered a critical zero-day vulnerability (CVE-2025-2783) in Chrome, allowing sandbox bypass via malicious links. Google has patched the flaw as of March 25. 📍 Attack Overview ✅ Operation
@shinO7_O7
1 Apr 2025
154 Impressions
4 Retweets
31 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/uduwFnCjh5 Google Chrome è stato interessato da CVE-2025-2783 https://t.co/eVd6vWeyaY
@palmacci24838
31 Mar 2025
9 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Firefox users, update now! A critical bug (CVE-2025-2857) just got patched same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. https://t.co/GvPy7ROC6I
@achi_tech
31 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Chrome Zero-Day Alert! 🕵️♂️ Cyber-espionage campaign exploiting a Chrome vulnerability (CVE-2025-2783) is active! ⚠️ Hackers are using phishing emails to bypass Chrome’s sandbox protection. ✅ Fix coming soon—update ASAP & avoid suspicious links!
@CyberThreat_Int
31 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
New Chrome & Firefox zero-days: Here’s what you need to know! - Attackers exploited a Chrome sandbox flaw (CVE-2025-2783) to target Russian journalists & gov agencies. - Mozilla found a similar unpatched Firefox bug (CVE-2025-2857). - Update your browser ASAP! #CyberSec
@Shift6Security
31 Mar 2025
46 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
31 Mar 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google ha corretto la vulnerabilità zero-day CVE-2025-2783 scoperta da due ricercatori di Kaspersky. #TFsoluzioniinformatiche #TECHFIVE2012 https://t.co/3UVwecVBv6
@TECHFIVE2012
31 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Atención usuarios de Chrome! La vulnerabilidad CVE-2025-2783 está siendo explotada en ataques. Es crucial actualizar tu navegador a la última versión para proteger tus datos. https://t.co/QPplVM7RBt
@Ulul4r
31 Mar 2025
8482 Impressions
8 Retweets
13 Likes
3 Bookmarks
0 Replies
2 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
30 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google has patched a previously unknown vulnerability in the Chrome browser that was used to deliver spyware to Russian users. The zero-day vulnerability, dubbed CVE-2025-2783, created an attack that could infect a Windows PC if the user clicked on a malicious link. https://t.co
@EngineerOboko
30 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ Cybersecurity News of the Week – March 25-31, 2025 🛡️ Here are the biggest cybersecurity stories you need to know this week: 🔹 🚨 Google Chrome Users Targeted by Sophisticated Malware A new zero-day vulnerability (CVE-2025-2783) is being exploited in cyber-espionage
@JaidenCyberSec
29 Mar 2025
343 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
🚨 Heads up! Google just patched a serious Chrome vulnerability (CVE-2025-2783) used in phishing attacks. Update to version 134.0.6998.178 to stay secure! How often do you check for your browser updates? Let's talk about it!
@Khalikov90
29 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds a critical Chromium sandbox escape flaw (CVE-2025-2783) to its Known Exploited Vulnerabilities catalog—actively exploited in the wild. Patch Chrome, Edge, or Opera now to avoid compromise. Details: https://t.co/jcJ872yqq7
@RedTeamNewsBlog
29 Mar 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are targeting Chrome users! 🛡️A critical flaw (CVE-2025-2783) puts your data at risk. 👉🏻 Swipe through to learn simple steps to secure your browser and stay safe online. #GoogleChrome #CyberSecurity #OnlineSafety https://t.co/OZx9efN52V
@AsianetNewsEN
29 Mar 2025
111 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2857: New Firefox Sandbox Escape Emerges Following Active Exploitation of CVE-2025-2783 https://t.co/K1KXm6HunP
@samilaiho
29 Mar 2025
804 Impressions
2 Retweets
3 Likes
2 Bookmarks
0 Replies
1 Quote
それでChromeもEdgeもバージョンアップがあったのか Google Chromeのゼロデイ脆弱性「CVE-2025-2783」が発覚。米当局は「Chromium」ベースのブラウザ全般が影響を受ける可能性を指摘し、注意喚起を行った #Chrome https://t.co/3QVfMYjveV
@HiroshiYoshida_
29 Mar 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
29 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA has added a high-severity Google Chromium vulnerability, CVE-2025-2783, to its catalog after active exploitation against Russian organizations. Users must update Chrome for Windows. 🇷🇺 #CISA #Vulnerability #GoogleChrome link: https://t.co/vgJx9qYI6T https://t.co/3S6V2WRO5
@TweetThreatNews
28 Mar 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Mozilla corrige un error crítico de Firefox similar a la reciente vulnerabilidad de día cero de Chrome. Tras el reciente escape del entorno sandbox de Chrome (CVE-2025-2783), varios desarrolladores de Firefox identificaron un patrón similar. #cybersecurity https://t.co/wClmorAW0j
@EHCGroup
28 Mar 2025
45 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-2783 #Google Chromium Mojo Sandbox Escape Vulnerability https://t.co/6GZiPZ81sT
@ScyScan
28 Mar 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
So @oct0xor & @2igosha have discovered a @googlechrome 0-day, being used in targeted attacks to deliver sophisticated #spyware. Recently it was just fixed 👉 CVE-2025-2783 . They are finally revealing the first details about it: "#OperationForumTroll” https://t.co/XI0UvLRM
@StringsVsAtoms
28 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has confirmed a series of cyber-espionage attacks affecting Chrome users, involving highly sophisticated malware triggered by phishing emails. Researchers from Kaspersky identified that the malware exploits a zero-day vulnerability, CVE-2025-2783, allowing attackers
@CyberThreat_Int
28 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 A Vulnerability exists in Google Chrome (CVE-2025-2783). Please see the @ncsc_gov_ie advisory for more information: https://t.co/tHxNZWf7mU
@ncsc_gov_ie
28 Mar 2025
216 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/CQNloIATjh 🔒 Patch now. https://t.co/vHDrB29evZ
@CryptoDaku_
28 Mar 2025
5394 Impressions
14 Retweets
53 Likes
1 Bookmark
6 Replies
0 Quotes
⚠️ Vulnerability Alert: Critical Vulnerabilities in Google Chrome and Sitecore CMS 📅 Timeline: Disclosure: 2025-03-26, Action Due: 2025-04-17 🆔 CVE IDs: CVE-2025-2783, CVE-2019-9874, CVE-2019-9875 📊 Base Scores: CVE-2025-2783: 8.8 (High) CVE-2019-9874: 9.8 (Critical)
@syedaquib77
28 Mar 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google patches critical Chrome zero-day used to spy on Russian users. CVE-2025-2783 exploited a flaw between Chrome’s sandbox and Windows’ Mojo code. Attackers used phishing emails posing as invites to the “Primakov Readings” summit. https://t.co/6NFvzTuU7r
@PCMag
28 Mar 2025
1100 Impressions
1 Retweet
1 Like
2 Bookmarks
0 Replies
0 Quotes
Kaspersky, Google Chrome’da saldırganların sandbox güvenliğini aşmasını sağlayan CVE-2025-2783 kodlu sıfır gün açığını tespit etti. Chrome kullanıcılarının acilen güncelleme yapması öneriliyor. https://t.co/bAGlN9Piam
@PatronKulubu
28 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 Nuestras tecnologías de detección de exploits han ayudado a detectar la vulnerabilidad zero-day CVE-2025-2783 en Google Chrome, que fue utilizada en un sofisticado ataque APT. 🕵️ https://t.co/jFSl7mIBog
@KasperskyES
28 Mar 2025
301 Impressions
2 Retweets
6 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 New APT alert: Operation ForumTroll exploits a zero-day in #Chrome (CVE-2025-2783) to target high-profile users via phishing. Google issued a patch—are you updated? 🔍 Read the full analysis: https://t.co/ZpRJtGSqL6 #Cybersecurity #APT #Infosec #ThreatIntel
@threatsbank
28 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The root cause of the Chrome 0-day vulnerability CVE-2025-2783, which we discovered used in attacks with sophisticated malware, also affects the Firefox! New CVE-2025-2857 has just been fixed in Firefox 136.0.4, and you can read about what led to its discovery at the link below.
@oct0xor
28 Mar 2025
8691 Impressions
16 Retweets
96 Likes
32 Bookmarks
1 Reply
3 Quotes
Critical Firefox 0-Day: CVE-2025-2857 enables sandbox escape after active exploitation of CVE-2025-2783. Urgent update required—attackers gain elevated privileges. https://t.co/BSjk97f5mG #CyberSecurity #ZeroDay
@adriananglin
28 Mar 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/Eu3sPhTeTX 🔒 Patch now | Spread the word | Stay safe https://t.co/L3yW4aP
@dysafhackx
28 Mar 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55EB6B03-2E87-4B74-A41D-1A48BAFDC687",
"versionEndExcluding": "134.0.6998.177"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]