CVE-2025-2783 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-03-26

Added to CISA KEV: 2025-03-27 1 DAY BETWEEN CVE AND KEV

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Update Chrome to version 134.0.6998.177 or later immediately on all Windows systems
Implement email security controls to block malicious file attachments
Monitor for suspicious Chrome processes or unexpected system behavior
Educate users about not opening suspicious files or links
Consider application whitelisting to prevent unauthorized code execution

CVE-2025-2783 is a high-severity security vulnerability in Google Chrome on Windows that allowed for a sandbox escape ^[1].

Vulnerability Type: The issue involved an incorrect handle being provided in unspecified circumstances within Mojo, the inter-process communication (IPC) system used by Chromium ^[1].
Impact: Successful exploitation allowed a remote attacker to escape the browser's sandbox, potentially leading to arbitrary code execution on the underlying Windows system ^[1] ^[5].

Active Exploitation: The vulnerability was actively exploited in the wild as a zero-day ^[2] ^[4].
Attack Context: It was identified as being used in a wave of targeted attacks as part of a "1-click" attack chain ^[4].
Requirements: Exploitation typically required a user to interact with a malicious file or visit a compromised web page, which would then trigger the sandbox escape from a restricted renderer process ^[1] ^[5].
Exploit Availability: Following its disclosure, various proof-of-concept and exploit implementations appeared in public repositories, including some claiming to demonstrate full-chain exploits ^[3] ^[5].

Affected Versions: The vulnerability affected Google Chrome on Windows versions prior to 134.0.6998.177 ^[1].
Patch Status: This issue was addressed in the version mentioned above. Users were advised to update their browsers immediately ^[1].
Related Incidents: The discovery of this vulnerability led to the identification of similar patterns in other browsers, such as Firefox, where developers identified and patched comparable IPC-related sandbox escape risks ^[2].

CVE-2025-2783 Detail - NVD
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a ... CVE-2025-2783 Detail Description Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.699…
NVD - CVE-2025-2857
CVE-2025-2857 Detail. Description. Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape…
byteReaper77/CVE-2025-2783: This project is a research ... - GitHub
This project is a research-oriented and educational simulation designed to demonstrate the concept of a sandbox escape vulnerability within Google Chrome ...
ITW 0-day Google Chrome Sandbox Escape [405143032] - Chromium
We were able to catch a 0-day Google Chrome sandbox escape exploit that was recently used in a wave of targeted attacks as a part of 1-click attack chain.
GitHub - aronfour/CVE-2025-2783: Full-chain exploit for CVE-2025-2783 ...
This repository contains a full-chain exploit implementation for CVE-2025-2783. The vulnerability resides in Chromium's Ipcz communication layer, allowing an attacker to achieve sandbox escape and arbitrary code execution from a restricted renderer process.

🟢 CVE-2025-2783