Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-2783

HIGH
Published 2025-03-26T16:07:51.034Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-2783. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
8.3
/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.055
probability
of exploitation in the wild

There is a 5.5% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.897
Higher than 89.7% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

Available Exploits

No exploits available for this CVE.

Related News

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerabil…

Internet 2025-06-17 19:16
Read More
Vulnerability Summary for the Week of March 24, 2025

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source Info n/a -- n/a Following the recent Chrome sandbox escape (CVE-2025-2783), various F…

Cisa.gov 2025-03-31 11:54
Read More
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)

Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firef…

Help Net Security 2025-03-28 10:57
Read More
Chrome Security Vulnerability Patched—Update Now to Stay Safe

Google just dropped an emergency patch for a serious Chrome security vulnerability—and if you’re on Windows, you’ll want to update right now. The flaw, tracked as CVE-2025-2783, was discovered by Kaspersky and allows hackers to bypass Chrome’s sandbox protect…

Phandroid - News for Android 2025-03-28 07:01
Read More
Mozilla Firefox Security Restriction Bypass Vulnerability

A vulnerability was identified in Mozilla Firefox. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system. Note: Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers i…

Hkcert.org 2025-03-28 01:15
Read More

Affected Products

Google

Chrome

Affected Versions:

134.0.6998.177

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

April 17, 2025

Added to KEV

March 27, 2025

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: Google
Product: Chromium Mojo

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.03.27 Released: March 27, 2025

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

Affected Products (ENISA)

google
chrome

ENISA Scoring

CVSS Score (3.1)

8.3
/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

6.260
probability

ENISA References

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
https://issues.chromium.org/issues/405143032
https://nvd.nist.gov/vuln/detail/CVE-2025-2783

Data provided by ENISA EU Vulnerability Database. Last updated: June 6, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-hfqm-jfc6-rh2f

Advisory Details

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-2783
WEB https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
WEB https://issues.chromium.org/issues/405143032

Advisory provided by GitHub Security Advisory Database. Published: March 26, 2025, Modified: March 26, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

6 posts
Reddit 1 week, 5 days ago
crstux

🔥 Top 10 Trending CVEs (19/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2023-0386](https://nvd.nist.gov/vuln/detail/CVE-2023-0386)** - 📝 A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernels OverlayFS subsystem …

Also mentions: CVE-2025-33073 CVE-2025-0133 CVE-2025-24813 CVE-2024-55591 CVE-2023-0386 CVE-2023-33538
1
1.0
View Original
Reddit 1 week, 6 days ago
Sohini_Roy
Exploit Payload

🚨 Operation ForumTroll: The Chrome Zero-Day That Slipped Through the Cracks (CVE-2025-2783) In a stark reminder of how even the most trusted software can be turned against us, a critical zero-day vulnerability in **Google Chrome**—**CVE-2025-2783**—was recently discovered being actively exploited in the wild. The exploit, which targeted users via malicious …

1
1.0
View Original High Risk
Reddit 2 weeks ago
Poutcheki
Exploit Payload

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

1
1.0
View Original High Risk
Reddit 2 weeks ago
quellaman
Exploit Payload

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

1
1.0
View Original High Risk
Reddit 2 weeks ago
TheCyberSecurityHub
Exploit Payload

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

1
1.0
View Original High Risk
Reddit 2 weeks ago
Dark-Marc
Exploit Payload

Google Chrome 0-Day Vulnerability Exploited by APT Hackers **A recent exploitation of a vulnerability in Google Chrome reveals the increasing sophistication of APT groups targeting high-value organizations.** **Key Points:** - CVE-2025-2783 allows remote code execution through phishing emails. - Attacks employ sophisticated social engineering to lure victims into clicking malicious …

1
1
3.0
View Original High Risk

References

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
https://issues.chromium.org/issues/405143032
Published: 2025-03-26T16:07:51.034Z
Last Modified: 2025-03-28T03:55:51.833Z
Copied to clipboard!