CVE-2025-2783
Published Mar 26, 2025
Last updated 5 months ago
- Description
- Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Analyzed
- Products
- chrome
CVSS 3.1
- Type
- Secondary
- Base score
- 8.3
- Impact score
- 6
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Google Chromium Mojo Sandbox Escape Vulnerability
- Exploit added on
- Mar 27, 2025
- Exploit action due
- Apr 17, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Falha grave no Chrome (CVE-2025-2783) está sendo explorada. Google lançou atualização de emergência. Atualize agora para se proteger! Saiba mais no blog. #segurancadigital #chrome
@LCRootAc
5 Mar 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ForumTroll APT targets Russian political scientists with spearphishing emails exploiting Chrome CVE-2025-2783 to deploy LeetAgent backdoor and Dante spyware. #APT https://t.co/zxNJRnVdQq
@threatcluster
17 Dec 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CyberSecurity #VulnerabilityReport Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign https://t.co/aW7lHV5Pe1
@Komodosec
3 Dec 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Nuestros investigadores han descubierto que el grupo APT ForumTroll y la empresa italiana Memento Labs (antes HackingTeam) utilizaban la misma herramienta maliciosa llamada LeetAgent. Esta herramienta combinaba un exploit de día-cero en Chrome (CVE-2025-2783) con un spy
@KasperskyES
17 Nov 2025
248 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Nuestros investigadores han descubierto que el grupo APT ForumTroll y la empresa italiana Memento Labs (antes HackingTeam) utilizaban la misma herramienta maliciosa llamada LeetAgent. Esta herramienta combinaba un exploit de día-cero en Chrome (CVE-2025-2783) con un spy
@KasperskyES
6 Nov 2025
260 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2783 (Chrome zero-day vulnerability) : Italian-made spyware Dante linked to Chrome zero-day exploitation campaign #Operation_ForumTroll, #Spyware_Dante Italian company Memento Labs (formerly Hacking Team) Comeback. https://t.co/28rvm41rBN
@haydar_beklemez
4 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New 'Dante' spyware by Memento Labs, formerly Hacking Team, used in Operation ForumTroll with Chrome zero-day vulnerability (CVE-2025-2783) #cybersecurity @HackRead https://t.co/qeZlxt4CTe
@not2cleverdotme
4 Nov 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New 'Dante' spyware by Memento Labs, linked to Hacking Team, used Chrome zero-day vulnerability (CVE-2025-2783) in Operation ForumTroll attack campaign. https://t.co/qeZlxt4CTe
@not2cleverdotme
3 Nov 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2783 (Chrome zero-day vulnerability) : Italian-made spyware Dante linked to Chrome zero-day exploitation campaign #Operation_ForumTroll, #Spyware_Dante Italian company Memento Labs (formerly Hacking Team) Comeback. https://t.co/uvcdv8qK0K https://t.co/pqO3dhUtgH
@freedomhack101
3 Nov 2025
60 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 MALWARE, RANSOMWARE Y VULNERABILIDADES: Semana 27 OCT – 2 NOV 2025 🚨 La red arde: exploits, spyware, IA fuera de control y corporaciones tambaleando entre despidos masivos y fallos catastróficos. 👇 ⚠️ Kaspersky revela un día cero en Chrome (CVE-2025-2783) usad
@MineryReport
3 Nov 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
3 Nov 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
2 Nov 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Phishing link → WebGPU decrypt → Shellcode injection → COM hijack for persistence. Deploys Dante spyware (successor to RCS(Hacking Team), now Memento Labs) + custom LeetAgent for keylogging, file theft. Exploits: Zero-days CVE-2025-2783 (Chrome sandbox escape) & Phi
@minacrissDev_
31 Oct 2025
556 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Discover how Kaspersky uncovered the ForumTroll APT using the Italian-made Dante spyware by Memento Labs (ex-Hacking Team), exploiting a Chrome zero-day (CVE-2025-2783) in targeted espionage campaigns against Russian orgs. A chilling return of a notorious spyware legacy! https://
@ActuseaDir
30 Oct 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Active zero-day exploits targeting Chrome (CVE-2025-2783) and Microsoft's Chakra engine via IE mode have been identified. These can lead to remote code execution and spyware installation. Patch your systems and browsers immediately to mitigate risk. #CyberSecurity https:/
@RoelofMol
30 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome Zero-Day kihasználásával fertőz a LeetAgent kémprogram A Kaspersky kutatói olyan támadássorozatot tártak fel, amelyben a Google Chrome egy addig ismeretlen, azóta javított biztonsági hibáját (CVE-2025-2783) használták fel célzott kiberkémkedési művelet
@linuxmint_hun
29 Oct 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
💻 Chrome zero-day CVE-2025-2783 exploited by "Mem3nt0 mori" APT in espionage campaign! Attacks targeted Russia & Belarus, deploying LeetAgent spyware via phishing links. #ZeroDay #Chrome #APT #Spyware #Infosec 🔗 https://t.co/UtgUBq3cQt
@NetSecIO
29 Oct 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Today’s cyber brief (Oct 29): 💠 MedImpact ransomware (Qilin) → prep PHI comms. 💠 DELMIA Apriso added to CISA KEV → patch & hunt. 💠 Tomcat CVE-2025-55752 (path traversal) → disable 💠 PUT + update. Chrome 0-day CVE-2025-2783 (Dante/LeetAgent) → force
@TrescudoCyber
29 Oct 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Nuevo caso de espionaje digital: un fallo en Chrome permitió instalar spyware desde Italia Kaspersky reveló que un grupo de espionaje explotó una vulnerabilidad crítica en Google Chrome (CVE-2025-2783) para instalar LeetAgent. Es un spyware desarrollado por la empre
@CycuraMX
29 Oct 2025
1604 Impressions
12 Retweets
25 Likes
6 Bookmarks
0 Replies
0 Quotes
El spyware Dante está vinculado a una campaña de día cero de explotación en Chrome. Google parchó una vulnerabilidad día Jero de Chrome (CVE-2025-2783) que fue usada para instalar el spyware LeetAgent. #ciberseguridad #cybersecurity https://t.co/5rSiyK5wI0 https://t.co/Qs8
@EHCGroup
28 Oct 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome Under Attack: Hackers Exploit Zero-Day Vulnerability! A new Google Chrome zero-day (CVE-2025-2783) has recently been exploited to deliver the advanced LeetAgent spyware via malicious phishing links — enabling attackers to break browser sandbox protections and take full
@ChbibAnas
28 Oct 2025
23 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Alerta de Ciberseguridad Nuestro SOC detectó la explotación activa de una vulnerabilidad crítica en Google Chrome (CVE-2025-2783) usada para distribuir spyware. ⚠️ Actualiza de inmediato a la última versión. #Ciberseguridad #CompuNet #Chrome #CVE20252783 https://t.c
@CompunetChile
28 Oct 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome Zero-Day (CVE-2025-2783) Used to Deliver Spyware – Are You at Risk? Read the full report on - https://t.co/R6013QrjV6 https://t.co/6ItCkjKapb
@cyberbivash
28 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Alert: Kaspersky found Operation ForumTroll using personalized phishing emails to exploit CVE-2025-2783, a Chrome sandbox escape flaw. Attackers deploy "Dante" spyware by Memento Labs on Russian entities. Stay vigilant: check for Base64 folders in %LocalAppData%, bolster ema
@bigmacd16684
28 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
„Google Chrome“ naršyklėje jau ištaisytas „nulinių dienų“ pažeidžiamumas CVE-2025-2783 buvo aktyviai išnaudojamas platinant šnipinėjimo įrankius, sukurtus Italijos įmonės „Memento Labs“ https://t.co/xcoQ1Ziw2d
@grigaliunas
28 Oct 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Chromeのゼロデイ脆弱性CVE-2025-2783の悪用により、イタリア企業Memento Labs製スパイウェアが配布されていたことが判明した。攻撃は「Operation ForumTroll」と呼ばれ、主にロシアの政府・研究機関・金融機関など
@yousukezan
28 Oct 2025
1932 Impressions
2 Retweets
18 Likes
5 Bookmarks
0 Replies
0 Quotes
Cyber chaos unfolds: massive breaches, sophisticated scams, zero-days, and sprawling fraud rings dominate in the last hour. Here’s what you need to know 🔥👇 🕵️♂️ Zero-day exploit CVE-2025-2783 actively abused in Google Chrome sandbox by espionage-linked threat
@np_cyber_news
28 Oct 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Chrome zero-day CVE-2025-2783 (CVSS 8.3) exploited to deliver #LeetAgent spyware via sandbox-escape RCE. Targets include media, research, and gov entities in Russia/Belarus. LeetAgent shows overlaps with Dante/TaxOff tooling for modular espionage. https://t.co/LvGmpYbOXB
@MeridianEU
28 Oct 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 استُغل ثغرة أمنية غير مُكتشفة في جوجل كروم، التي تم تصحيحها لاحقاً، لتوزيع برنامج التجسس LeetAgent من شركة Memento Labs الإيطالية، حسبما أفادت كاسبرسكي. الثغرة C
@Cybercachear
28 Oct 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 افشای حمله هدفمند با بهرهگیری از باگ #Chrome 🔍 جاسوسافزار LeetAgent ساخت شرکت ایتالیایی Memento Labs در پشت حملات اخیر قرار دارد. 🎯 این بدافزار از نقص امنیتی CVE-2
@vulnerbyte
28 Oct 2025
28 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ ALERT: A Chrome zero-day (CVE-2025-2783) was exploited to deliver spyware built by Memento Labs — the firm behind past government surveillance tools. One click in Chromium = full sandbox escape. Read this → https://t.co/aTkSq0QITK
@TheHackersNews
28 Oct 2025
29649 Impressions
94 Retweets
215 Likes
50 Bookmarks
2 Replies
4 Quotes
The Hacking Team is back. GReAT's Boris Larin reveals at #TheSAS2025 how Memento Labs’ Dante spyware was linked to Operation ForumTroll — a campaign exploiting a Chrome 0-day (CVE-2025-2783). 🔗 Read the full story on Securelist: https://t.co/OModvY795d #CyberSecurity #AP
@kaspersky
27 Oct 2025
1509 Impressions
6 Retweets
22 Likes
3 Bookmarks
0 Replies
0 Quotes
برای مرورگر کروم آسیب پذیری با کد شناسایی CVE-2025-2783 منتشر شده است. برای امن سازی به نسخه Chrome 134 به روز رسانی نمایید. https://t.co/vlBgMReIh7 https://t.co/ENe9N6sbSB
@EthicalSafe
27 Oct 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Operation ForumTroll: A new cyber-espionage wave hits Russia & Belarus. 💠 Zero-day exploit (CVE-2025-2783) bypassed Chrome sandbox 💠 LeetAgent → Dante spyware chain 💠 Commercial spyware linked to private surveillance tech A glimpse into the darker side of com
@TechNadu
27 Oct 2025
80 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A bombshell start to #TheSAS2025 — @oct0xor shares details of the new commercial #spyware, Dante, developed by Memento Labs (better known by its former name, Hacking Team). The malware infection began with the exploitation of CVE-2025-2783 in #Chrome, a strange new bug class. h
@TheSAScon
27 Oct 2025
3309 Impressions
5 Retweets
24 Likes
5 Bookmarks
0 Replies
2 Quotes
First talk in #TheSAS2025 talk, Zero Day in Chrome: CVE-2025-2783 https://t.co/RHQI7QJBEY
@revers3vrything
27 Oct 2025
4134 Impressions
6 Retweets
55 Likes
13 Bookmarks
2 Replies
0 Quotes
The return of Hacking Team – a first look at the Dante malware Kaspersky GReAT researchers have reconstructed the infection chain used in ForumTroll APT attacks targeting Russian organizations. Short-lived web pages exploiting the Chrome zero-day CVE-2025-2783 delivered the h
@kaspersky
27 Oct 2025
1656 Impressions
0 Retweets
13 Likes
1 Bookmark
0 Replies
1 Quote
CVE-2025-2783 is a high-severity Chrome Mojo IPC sandbox-escape vulnerability (CVSS 8.8) exploited in espionage campaigns—update Chrome/Edge ASAP. https://t.co/FjQwmVSUoL #CVE #CommonVulnerabilities #sandboxescape #phishing #ZeroDay #Vulnerability #Exploit #CyberThreats
@SarahCross80725
21 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CyberSecurity #VulnerabilityReport Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign https://t.co/jJPI7Oh2bL
@Komodosec
23 Jul 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor #CISO https://t.co/bYPwB1wm8j https://t.co/zzIOB1fOrS
@compuchris
22 Jul 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor https://t.co/iigqo6NIGP #CyberSecurity #ZeroDay #GoogleChrome #CVE20252783 #CyberThreats https://t.co/UlKN5dNVbO
@blueteamsec1
19 Jul 2025
823 Impressions
0 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-2783: Google Chrome Zero-Day Exploit Publicly disclosed: March 26, 2025 Affected software: Google Chrome Severity: Critical This zero-day vulnerability allowed attackers to bypass Chrome's sandbox protections, enabling them to execute malicious code on affected systems.
@0dXa1
4 Jul 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
3 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
30 Jun 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
28 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-2783 exploited! Update Chrome ➜ 136.0.7104.90+, restart, done. Instrukcja ➡ https://t.co/FhqxdKSt6l #Chrome #ZeroDay #Bezpieczeństwo
@PointZeroPL
25 Jun 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
23 Jun 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
23 Jun 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Urgent! Google Chrome zero-day CVE-2025-2783 is being exploited by TaxOff to deploy the Trinper backdoor. Update your Chrome browser ASAP to stay protected! #Chrome #ZeroDay #Security #Cybersecurity #ThreatIntel #TaxOff #Trinper #BrowserSecurity https://t.co/SZQuH4f4qx
@xcybersecnews
22 Jun 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
22 Jun 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
21 Jun 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB6B03-2E87-4B74-A41D-1A48BAFDC687",
"versionEndExcluding": "134.0.6998.177",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]