CVE-2025-2783
Published Mar 26, 2025
Last updated 3 months ago
AI description
CVE-2025-2783 is a vulnerability in Google Chrome specifically affecting Windows users. It is described as an "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo is a collection of runtime libraries that facilitates inter-process communication (IPC). This vulnerability allowed attackers to bypass Chrome's sandbox protection. The vulnerability was exploited in the wild as part of a targeted attack dubbed "Operation ForumTroll," which targeted media outlets, educational institutions, and government organizations in Russia. The attack involved phishing emails with malicious links that, when clicked in Chrome, led to immediate infection. The exploit was designed to work with another exploit that enabled remote code execution, although the second exploit was not obtained by researchers. Google has addressed this vulnerability in Chrome version 134.0.6998.177/.178 for Windows.
- Description
- Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 8.3
- Impact score
- 6
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Google Chromium Mojo Sandbox Escape Vulnerability
- Exploit added on
- Mar 27, 2025
- Exploit action due
- Apr 17, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Google Chrome's May update (versions 136.0.7103.113/.114) patches critical vulnerabilities, including actively exploited CVE-2025-4664 and the year's first zero-day CVE-2025-2783. Enjoy improved performance and new features! 🚀 #BrowserUpdate #SecurityAl… https://t.co/l2Rux7U
@TweetThreatNews
16 May 2025
85 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome users targeted in cyber-espionage via zero-day flaw (CVE-2025-2783). Update now, avoid phishing links, and enable enhanced security. #CyberSecurity https://t.co/1P9TNC5Zw1
@RelianceInfoSys
9 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2783怖いな Electron使ってるやつあるから変えないとか…?
@ulong32
30 Apr 2025
139 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨NSOC Advisory🚨Chrome Zero-Day Patched: CVE-2025-2783 lets attackers escape the sandbox on Chrome < 134.0.6998.177 via a malicious file update to 134.0.6998.177+ immediately, enforce auto-updates via GPO/MDM, and tighten extension & EDR policies to prevent drive-by
@cirtgovjm
30 Apr 2025
207 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2783 やばいなぁ。Chromium ベースのブラウザや Electron 系の UI は更新せんとまずいよ。
@mattn_jp
30 Apr 2025
26466 Impressions
48 Retweets
166 Likes
61 Bookmarks
0 Replies
4 Quotes
Google Chromeに重大な脆弱性(CVE-2025-2783)が発見された。これはV8 JavaScriptエンジンのメモリ破損に起因し、攻撃者がサンドボックスを脱出してOSにアクセスできる恐れがあるものである。
@yousukezan
29 Apr 2025
32676 Impressions
154 Retweets
390 Likes
136 Bookmarks
0 Replies
3 Quotes
🚨 New Chrome 0-day (CVE-2025-2783) lets attackers escape the sandbox via a flaw in Mojo IPC on Windows. Used in "Operation ForumTroll" to hit Russian media/gov orgs. ⚠️ CVSS 8.8 – Full system compromise via phishing/malicious sites. https://t.co/zg1a99JFxl
@CareWeDoNot
29 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2783 Deep Dive Analysis https://t.co/baabN8FUfv
@Dinosn
29 Apr 2025
2890 Impressions
6 Retweets
36 Likes
13 Bookmarks
0 Replies
0 Quotes
Attention all users of Chromium-based browsers! A serious vulnerability, CVE-2025-2783, has been discovered that allows attackers to bypass browser security. This flaw affects popular browsers like Chrome, Edge, and Brave. Update to version 134.0.6998.178 or later. https://t.co/H
@The4n6Analyst
20 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
17 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
16 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Google lançou uma atualização emergencial e não programada para corrigir uma falha de segurança grave. A vulnerabilidade, identificada como CVE-2025-2783, foi descoberta por dois pesquisadores da Kaspersky Lab. Confira o artigo completo em nosso site: https://t.co/WWghdpjjxr
@grupo_redes1
16 Apr 2025
16 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
15 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A severe zero-day vulnerability (CVE-2025-2783) in Google Chrome has been exploited in real-world attacks, allowing hackers to bypass security protections. Google patched the flaw in version 134.0.6998.177/.178—users are urged to update immediately. https://t.co/Ic2WEtLIMW
@InformedAlerts
14 Apr 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
"Google Chrome" brauzerində boşluq (CVE-2025-2783) aşkar olunub. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/50GpNyEDo6
@CERTAzerbaijan
9 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
6 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 ثغرة Zero-day تهدد مستخدمي متصفح Google Chrome! تم اكتشاف ثغرة (CVE-2025-2783) في متصفح Chrome بالإصدارات (177/178.0.6998.134)، والتي قد تُستغل في هجمات سيبرانية حقيقية. 💻 المتصفحات المتأثرة: •Chrome •Edge •Brave •Opera •Vivaldi جميعها مبنية على محرك Chromium، لذا فهي https
@CyberTask
6 Apr 2025
1671 Impressions
5 Retweets
28 Likes
17 Bookmarks
0 Replies
0 Quotes
¿Tienes Chrome actualizado a la última versión? 🧐 Asegúrate de hacerlo ya que soluciona la vulnerabilidad zero-day CVE-2025-2783 que hemos encontrado ✅ 🧐👉 https://t.co/fUljjMdnKY https://t.co/ZPaSgxLrSK
@KasperskyES
6 Apr 2025
293 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
6 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
5 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🦹🏻♀️👾 Villain of the Week 👾🦹🏻♀️ A high-severity zero-day vulnerability, CVE-2025-2783, has been discovered in Google Chrome's Mojo IPC component, allowing remote attackers to escape the browser sandbox on Windows systems. This flaw was exploited in-the-wild and believed
@vicariusltd
3 Apr 2025
71 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Chrome: Actualizare critica pentru remedierea vulnerabilitatii CVE-2025-2783 https://t.co/GNVAOYl8ZY https://t.co/jF71dgYpFL
@Hit_Ro
3 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A high-severity flaw is actively exploited via phishing, bypassing Chrome’s protections (CVE-2025-2783). Update to 134.0.6998.177/.178. Contact us for help: https://t.co/eY0LLuQQdx Note: only targeting organizations in Russia—but could expand globally. #Cybersecurity https:
@BTAcyber
2 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2783 (Google Chrome Mojo Sandbox Escape) 🔥 A critical vulnerability in Google Chrome has emerged! CVE-2025-2783 allows remote attackers to escape the browser's sandbox via a malicious file. Explore more on Rapid Risk Radar: https://t.co/ss3kdzzWEp https://t.co/Xl9DBega
@rapidriskradar
2 Apr 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Because of CVE-2025-2783, Steel has migrated all browser infra from chromium to Netscape Navigator 4.08 Rendering speed? Unmatched (if you wait long enough). https://t.co/vlsVIXNbWX
@steeldotdev
1 Apr 2025
754 Impressions
4 Retweets
22 Likes
3 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-2783
@transilienceai
1 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783). Threat actors are exploiting this Vulnerability under a campaigned named "Operation ForumTroll" https://t.co/koofYZSFRc
@Ashutosh__048
1 Apr 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Chrome Zero-Day Flaw Discovered! Kaspersky Blocks APT Cyberattack 💻 Kaspersky has discovered a critical zero-day vulnerability (CVE-2025-2783) in Chrome, allowing sandbox bypass via malicious links. Google has patched the flaw as of March 25. 📍 Attack Overview ✅ Operation
@shinO7_O7
1 Apr 2025
154 Impressions
4 Retweets
31 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/uduwFnCjh5 Google Chrome è stato interessato da CVE-2025-2783 https://t.co/eVd6vWeyaY
@palmacci24838
31 Mar 2025
9 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Firefox users, update now! A critical bug (CVE-2025-2857) just got patched same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild. https://t.co/GvPy7ROC6I
@achi_tech
31 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Chrome Zero-Day Alert! 🕵️♂️ Cyber-espionage campaign exploiting a Chrome vulnerability (CVE-2025-2783) is active! ⚠️ Hackers are using phishing emails to bypass Chrome’s sandbox protection. ✅ Fix coming soon—update ASAP & avoid suspicious links!
@CyberThreat_Int
31 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
New Chrome & Firefox zero-days: Here’s what you need to know! - Attackers exploited a Chrome sandbox flaw (CVE-2025-2783) to target Russian journalists & gov agencies. - Mozilla found a similar unpatched Firefox bug (CVE-2025-2857). - Update your browser ASAP! #CyberSec
@Shift6Security
31 Mar 2025
46 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
31 Mar 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google ha corretto la vulnerabilità zero-day CVE-2025-2783 scoperta da due ricercatori di Kaspersky. #TFsoluzioniinformatiche #TECHFIVE2012 https://t.co/3UVwecVBv6
@TECHFIVE2012
31 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Atención usuarios de Chrome! La vulnerabilidad CVE-2025-2783 está siendo explotada en ataques. Es crucial actualizar tu navegador a la última versión para proteger tus datos. https://t.co/QPplVM7RBt
@Ulul4r
31 Mar 2025
8482 Impressions
8 Retweets
13 Likes
3 Bookmarks
0 Replies
2 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
30 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google has patched a previously unknown vulnerability in the Chrome browser that was used to deliver spyware to Russian users. The zero-day vulnerability, dubbed CVE-2025-2783, created an attack that could infect a Windows PC if the user clicked on a malicious link. https://t.co
@EngineerOboko
30 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ Cybersecurity News of the Week – March 25-31, 2025 🛡️ Here are the biggest cybersecurity stories you need to know this week: 🔹 🚨 Google Chrome Users Targeted by Sophisticated Malware A new zero-day vulnerability (CVE-2025-2783) is being exploited in cyber-espionage
@JaidenCyberSec
29 Mar 2025
343 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
🚨 Heads up! Google just patched a serious Chrome vulnerability (CVE-2025-2783) used in phishing attacks. Update to version 134.0.6998.178 to stay secure! How often do you check for your browser updates? Let's talk about it!
@Khalikov90
29 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds a critical Chromium sandbox escape flaw (CVE-2025-2783) to its Known Exploited Vulnerabilities catalog—actively exploited in the wild. Patch Chrome, Edge, or Opera now to avoid compromise. Details: https://t.co/jcJ872yqq7
@RedTeamNewsBlog
29 Mar 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are targeting Chrome users! 🛡️A critical flaw (CVE-2025-2783) puts your data at risk. 👉🏻 Swipe through to learn simple steps to secure your browser and stay safe online. #GoogleChrome #CyberSecurity #OnlineSafety https://t.co/OZx9efN52V
@AsianetNewsEN
29 Mar 2025
111 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2857: New Firefox Sandbox Escape Emerges Following Active Exploitation of CVE-2025-2783 https://t.co/K1KXm6HunP
@samilaiho
29 Mar 2025
804 Impressions
2 Retweets
3 Likes
2 Bookmarks
0 Replies
1 Quote
それでChromeもEdgeもバージョンアップがあったのか Google Chromeのゼロデイ脆弱性「CVE-2025-2783」が発覚。米当局は「Chromium」ベースのブラウザ全般が影響を受ける可能性を指摘し、注意喚起を行った #Chrome https://t.co/3QVfMYjveV
@HiroshiYoshida_
29 Mar 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2783
@transilienceai
29 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA has added a high-severity Google Chromium vulnerability, CVE-2025-2783, to its catalog after active exploitation against Russian organizations. Users must update Chrome for Windows. 🇷🇺 #CISA #Vulnerability #GoogleChrome link: https://t.co/vgJx9qYI6T https://t.co/3S6V2WRO5
@TweetThreatNews
28 Mar 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Mozilla corrige un error crítico de Firefox similar a la reciente vulnerabilidad de día cero de Chrome. Tras el reciente escape del entorno sandbox de Chrome (CVE-2025-2783), varios desarrolladores de Firefox identificaron un patrón similar. #cybersecurity https://t.co/wClmorAW0j
@EHCGroup
28 Mar 2025
45 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-2783 #Google Chromium Mojo Sandbox Escape Vulnerability https://t.co/6GZiPZ81sT
@ScyScan
28 Mar 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
So @oct0xor & @2igosha have discovered a @googlechrome 0-day, being used in targeted attacks to deliver sophisticated #spyware. Recently it was just fixed 👉 CVE-2025-2783 . They are finally revealing the first details about it: "#OperationForumTroll” https://t.co/XI0UvLRM
@StringsVsAtoms
28 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has confirmed a series of cyber-espionage attacks affecting Chrome users, involving highly sophisticated malware triggered by phishing emails. Researchers from Kaspersky identified that the malware exploits a zero-day vulnerability, CVE-2025-2783, allowing attackers
@CyberThreat_Int
28 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 A Vulnerability exists in Google Chrome (CVE-2025-2783). Please see the @ncsc_gov_ie advisory for more information: https://t.co/tHxNZWf7mU
@ncsc_gov_ie
28 Mar 2025
216 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55EB6B03-2E87-4B74-A41D-1A48BAFDC687",
"versionEndExcluding": "134.0.6998.177"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]