CVE-2025-2783
Published Mar 26, 2025
Last updated 2 days ago
AI description
CVE-2025-2783 is a vulnerability in Google Chrome specifically affecting Windows users. It is described as an "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo is a collection of runtime libraries that facilitates inter-process communication (IPC). This vulnerability allowed attackers to bypass Chrome's sandbox protection. The vulnerability was exploited in the wild as part of a targeted attack dubbed "Operation ForumTroll," which targeted media outlets, educational institutions, and government organizations in Russia. The attack involved phishing emails with malicious links that, when clicked in Chrome, led to immediate infection. The exploit was designed to work with another exploit that enabled remote code execution, although the second exploit was not obtained by researchers. Google has addressed this vulnerability in Chrome version 134.0.6998.177/.178 for Windows.
- Description
- Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 8.3
- Impact score
- 6
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Google Chromium Mojo Sandbox Escape Vulnerability
- Exploit added on
- Mar 27, 2025
- Exploit action due
- Apr 17, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
62
🛡️ Cybersecurity News of the Week – March 25-31, 2025 🛡️ Here are the biggest cybersecurity stories you need to know this week: 🔹 🚨 Google Chrome Users Targeted by Sophisticated Malware A new zero-day vulnerability (CVE-2025-2783) is being exploited in cyber-espionage
@JaidenCyberSec
29 Mar 2025
247 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
🚨 Heads up! Google just patched a serious Chrome vulnerability (CVE-2025-2783) used in phishing attacks. Update to version 134.0.6998.178 to stay secure! How often do you check for your browser updates? Let's talk about it!
@Khalikov90
29 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds a critical Chromium sandbox escape flaw (CVE-2025-2783) to its Known Exploited Vulnerabilities catalog—actively exploited in the wild. Patch Chrome, Edge, or Opera now to avoid compromise. Details: https://t.co/jcJ872yqq7
@RedTeamNewsBlog
29 Mar 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
それでChromeもEdgeもバージョンアップがあったのか Google Chromeのゼロデイ脆弱性「CVE-2025-2783」が発覚。米当局は「Chromium」ベースのブラウザ全般が影響を受ける可能性を指摘し、注意喚起を行った #Chrome https://t.co/3QVfMYjveV
@HiroshiYoshida_
29 Mar 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
29 Mar 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA has added a high-severity Google Chromium vulnerability, CVE-2025-2783, to its catalog after active exploitation against Russian organizations. Users must update Chrome for Windows. 🇷🇺 #CISA #Vulnerability #GoogleChrome link: https://t.co/vgJx9qYI6T https://t.co/3S6V2WRO5
@TweetThreatNews
28 Mar 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Mozilla corrige un error crítico de Firefox similar a la reciente vulnerabilidad de día cero de Chrome. Tras el reciente escape del entorno sandbox de Chrome (CVE-2025-2783), varios desarrolladores de Firefox identificaron un patrón similar. #cybersecurity https://t.co/wClmorAW0j
@EHCGroup
28 Mar 2025
45 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-2783 #Google Chromium Mojo Sandbox Escape Vulnerability https://t.co/6GZiPZ81sT
@ScyScan
28 Mar 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
So @oct0xor & @2igosha have discovered a @googlechrome 0-day, being used in targeted attacks to deliver sophisticated #spyware. Recently it was just fixed 👉 CVE-2025-2783 . They are finally revealing the first details about it: "#OperationForumTroll” https://t.co/XI0UvLRM
@StringsVsAtoms
28 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has confirmed a series of cyber-espionage attacks affecting Chrome users, involving highly sophisticated malware triggered by phishing emails. Researchers from Kaspersky identified that the malware exploits a zero-day vulnerability, CVE-2025-2783, allowing attackers
@CyberThreat_Int
28 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 A Vulnerability exists in Google Chrome (CVE-2025-2783). Please see the @ncsc_gov_ie advisory for more information: https://t.co/tHxNZWf7mU
@ncsc_gov_ie
28 Mar 2025
216 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/CQNloIATjh 🔒 Patch now. https://t.co/vHDrB29evZ
@CryptoDaku_
28 Mar 2025
5394 Impressions
14 Retweets
53 Likes
1 Bookmark
6 Replies
0 Quotes
⚠️ Vulnerability Alert: Critical Vulnerabilities in Google Chrome and Sitecore CMS 📅 Timeline: Disclosure: 2025-03-26, Action Due: 2025-04-17 🆔 CVE IDs: CVE-2025-2783, CVE-2019-9874, CVE-2019-9875 📊 Base Scores: CVE-2025-2783: 8.8 (High) CVE-2019-9874: 9.8 (Critical)
@syedaquib77
28 Mar 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google patches critical Chrome zero-day used to spy on Russian users. CVE-2025-2783 exploited a flaw between Chrome’s sandbox and Windows’ Mojo code. Attackers used phishing emails posing as invites to the “Primakov Readings” summit. https://t.co/6NFvzTuU7r
@PCMag
28 Mar 2025
1100 Impressions
1 Retweet
1 Like
2 Bookmarks
0 Replies
0 Quotes
Kaspersky, Google Chrome’da saldırganların sandbox güvenliğini aşmasını sağlayan CVE-2025-2783 kodlu sıfır gün açığını tespit etti. Chrome kullanıcılarının acilen güncelleme yapması öneriliyor. https://t.co/bAGlN9Piam
@PatronKulubu
28 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 Nuestras tecnologías de detección de exploits han ayudado a detectar la vulnerabilidad zero-day CVE-2025-2783 en Google Chrome, que fue utilizada en un sofisticado ataque APT. 🕵️ https://t.co/jFSl7mIBog
@KasperskyES
28 Mar 2025
301 Impressions
2 Retweets
6 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 New APT alert: Operation ForumTroll exploits a zero-day in #Chrome (CVE-2025-2783) to target high-profile users via phishing. Google issued a patch—are you updated? 🔍 Read the full analysis: https://t.co/ZpRJtGSqL6 #Cybersecurity #APT #Infosec #ThreatIntel
@threatsbank
28 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The root cause of the Chrome 0-day vulnerability CVE-2025-2783, which we discovered used in attacks with sophisticated malware, also affects the Firefox! New CVE-2025-2857 has just been fixed in Firefox 136.0.4, and you can read about what led to its discovery at the link below.
@oct0xor
28 Mar 2025
8691 Impressions
16 Retweets
96 Likes
32 Bookmarks
1 Reply
3 Quotes
Critical Firefox 0-Day: CVE-2025-2857 enables sandbox escape after active exploitation of CVE-2025-2783. Urgent update required—attackers gain elevated privileges. https://t.co/BSjk97f5mG #CyberSecurity #ZeroDay
@adriananglin
28 Mar 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/Eu3sPhTeTX 🔒 Patch now | Spread the word | Stay safe https://t.co/L3yW4aP
@dysafhackx
28 Mar 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Firefox users, update now! A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. 📖 Full story: https://t.co/OJaaQiyKOq 🔒 Patch now | Spread the word | Stay safe
@TheHackersNews
28 Mar 2025
68091 Impressions
105 Retweets
217 Likes
34 Bookmarks
6 Replies
1 Quote
CISA added the Google Chromium Mojo sandbox escape vulnerability (CVE-2025-2783) to its Known Exploited Vulnerabilities (KEV) catalog. https://t.co/98DsTUtl3i #CISA #google #chromium #vulnerabilities #cve #CyberSecurity #threatresq
@ThreatResq
28 Mar 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
28 Mar 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 #Google #Chrome #CVE-2025-2783: Critical Sandbox Escape Vulnerability Exploited in the Wild https://t.co/d4t3kYgEmw
@UndercodeNews
27 Mar 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Zero-Day en Chrome Google parcheó CVE-2025-2783, una vulnerabilidad crítica en Chrome para Windows explotada activamente en ataques contra organizaciones rusas. 📰 Más info: https://t.co/Uf1CK1Hrsd #Ciberseguridad #ZeroDay #Chrome
@Cyph3R_CyberSec
27 Mar 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Important security update: @opera and @operagxofficial have received a security fix for the latest zero-day vulnerability in Chromium: CVE-2025-2783 Update now to the latest versions: - Opera version 117.0.5408.163 - Opera GX version 117.0.5408.162 https://t.co/cwF5pYXWkl
@Opera_Security
27 Mar 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Google Chrome vulnerability CVE-2025-2783 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/b9o6v58zrB
@CISACyber
27 Mar 2025
5976 Impressions
35 Retweets
43 Likes
5 Bookmarks
1 Reply
3 Quotes
🛡️Nuevo ataque Zero-Day en Google Chrome: no hace falta más que un clic para caer ⚠️ Una nueva vulnerabilidad crítica (CVE-2025-2783) fue explotada en ataques reales, sin requerir que la víctima hiciera más que abrir un enlace en Chrome. Fue descubierto por Kaspersky. Este ht
@CycuraMX
27 Mar 2025
5364 Impressions
52 Retweets
106 Likes
28 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-2783 🔴 HIGH (8.3) 🏢 Google - Chrome 🏗️ 134.0.6998.177 🔗 https://t.co/vEuW1ycpLt 🔗 https://t.co/c3qsHYpS2H #CyberCron #VulnAlert #InfoSec https://t.co/GSYLJi94BK
@cybercronai
27 Mar 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2857: New Firefox Sandbox Escape Emerges Following Active Exploitation of CVE-2025-2783 https://t.co/BcZaEdrIQB
@Dinosn
27 Mar 2025
3065 Impressions
16 Retweets
43 Likes
13 Bookmarks
0 Replies
0 Quotes
🚨 Chrome zero-day exploited in the wild... Google patches CVE-2025-2783, a high-severity flaw in Chrome for Windows—actively used in attacks on Russian orgs. https://t.co/W1keFLSq81
@achi_tech
27 Mar 2025
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨BREAKING: Google patches the FIRST Chrome zero-day of 2025 (CVE-2025-2783) exploited in wild attacks on Russian orgs! Update NOW to stay safe. #Cybersecurity #ChromeUpdate #ZeroDay 👇 https://t.co/Cnu3u5WFIf
@_F2po_
27 Mar 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2857 Following the sandbox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to confuse the parent proces… https://t.co/dvfomQ4vCs
@CVEnew
27 Mar 2025
189 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Chrome update alert! CVE-2025-2783 patched - a zero-day vulnerability exploited in phishing attacks targeting Russian organizations. Update your browser ASAP to stay secure! #CyberSecurity #TechUpdate #GoogleChrome https://t.co/QzFMUd1fXe
@HexcladSecurity
27 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
27 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical Security Alert 🚨 A newly discovered CVE-2025-2783 vulnerability in Google Chrome allows attackers to bypass the browser’s sandbox protections. It is actively being exploited in a targeted APT campaign called Operation ForumTroll, focusing on media and educational ht
@s3rkanbil3n
27 Mar 2025
210 Impressions
0 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Security Alert 🚨 A newly discovered CVE-2025-2783 vulnerability in Google Chrome allows attackers to bypass the browser’s sandbox protections. It is actively being exploited in a targeted APT campaign called Operation ForumTroll, focusing on media and educational ht
@s3rkanbil3n
27 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 𝐙𝐞𝐫𝐨-𝐃𝐚𝐲 𝐀𝐥𝐞𝐫𝐭! 🚨 Google has just patched a high-severity vulnerability in Chrome, actively exploited in espionage attacks against Russian organizations. The flaw, CVE-2025-2783, targets Windows systems and has been used in sophisticated phishing campaigns. https
@viehgroup
27 Mar 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
グーグル、スパイ活動キャンペーンで悪用されたChromeのゼロデイ脆弱性を修正(CVE-2025-2783) https://t.co/KQlwPgNPmd Googleは、ロシアのメディアや教育機関を狙ったスパイ攻撃に利用されたChromeのゼロデイ脆弱性(CVE-2025-2783)を修正しました。 #Security #セキュリティ #ニュース
@SecureShield_
27 Mar 2025
46 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
ZERO-DAY ALERT! Google just patched CVE-2025-2783, a critical Chrome vulnerability exploited in Russian espionage attacks. Linked to Operation Forum Troll, this flaw allows sandbox bypass via phishing emails. #cybersecurity #chromeupdate #zeroday #APTattack https://t.co/1LBSig0
@Privarase
27 Mar 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: Hackers are exploiting a Google Chrome Zero-Day (CVE-2025-2783) They can: Bypasses security Runs malicious code Steals data Update Chrome NOW & use advanced security solutions to stay safe #CyberSecurity #ZeroDayAttack #GoogleChrome https://t.co/kqlT282Daw
@XownSolutions
27 Mar 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Patches Actively Exploited Chrome Zero-Day (CVE-2025-2783) in Espionage Campaign https://t.co/rxWN3EDqsR #CyberSecurity #GoogleChrome #ZeroDay #Cybernews #Cyberinsights #ThreatIntel #AIdrivenGRC #ASM #Cloudsecurity #Cytrusst https://t.co/KYA1vbsUvg
@cytrusst
27 Mar 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent, un grup de actori statali a exploatat o vulnerabilitate zero-day, identificată ca CVE-2025-2783, în browserul Google #Chrome pentru o operațiune de spionaj denumită #ForumTroll ce viza publicații media și instituții educaționale din #Rusia . https://t.co/rSRTBVpgjr
@hackuritate
27 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【ニュース💬📃】当社のグローバル調査分析チーム(GReAT)は、Google Chromeのゼロデイ脆弱性( #CVE-2025-2783 )を特定しました。この脆弱性を悪用した攻撃では、悪意のあるリンクをクリックするだけでマルウェアに感染する可能性があり、非常に高度な技術が用いられていました。 https://t.co/QlR6ARbF8h
@kaspersky_japan
27 Mar 2025
1210 Impressions
4 Retweets
12 Likes
1 Bookmark
0 Replies
0 Quotes
📢 CiberSeguridad en menos de 5 minutos 🕵️ Zero-Day en Chrome usado en espionaje – CVE-2025-2783 permitía ejecutar código fuera del sandbox; usado en la campaña Operation ForumTroll contra medios y entidades gubernamentales. 🪪 Vulnerabilidad en Windows filtra hashes NTLM – Día
@Seifreed
27 Mar 2025
933 Impressions
5 Retweets
30 Likes
4 Bookmarks
0 Replies
0 Quotes
【ニュース💬📃】当社のグローバル調査分析チーム(GReAT)は、Google Chromeのゼロデイ脆弱性(CVE-2025-2783)を特定しました。この脆弱性を悪用した攻撃では、悪意のあるリンクをクリックするだけでマルウェアに感染する可能性があり、非常に高度な技術が用いられていました。 🔹 https://t.co/3e4hWqLHz0
@kaspersky_japan
27 Mar 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has released a security update to fix a critical Chrome zero-day vulnerability (CVE-2025-2783) that was actively exploited in cyber-espionage attacks. #Google #vulnerabilitymatters https://t.co/PiB4lDsUld
@OfficialAbijita
27 Mar 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Chrome was affected by CVE-2025-2783 #GoogleChrome #CVE-2025-2783 https://t.co/72oKFNf28s
@pravin_karthik
27 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google が Chrome サンドボックス バイパス ゼロデイ脆弱性 (CVE-2025-2783) を修正 Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) #HelpNetSecurity (Mar 26) https://t.co/tcuspWapMF
@foxbook
26 Mar 2025
283 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cybersecurity Update: Key Developments You Should Know 🚨 Google Chrome Users Targeted in Cyber-Espionage Campaign A sophisticated malware campaign, dubbed "Operation ForumTroll," has been exploiting a zero-day vulnerability (CVE-2025-2783) in Chrome. Targets include media ht
@cyberakira_ltd
26 Mar 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55EB6B03-2E87-4B74-A41D-1A48BAFDC687",
"versionEndExcluding": "134.0.6998.177"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]