Back to KEVs

CVE-2025-2783

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 25, 2025
Published Date: March 26, 2025
Last Updated: March 28, 2025
Vendor: Google
Product: Chrome
Description: Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

CVSS Scores

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2025-03-27 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2025-04-06 03:49:01 UTC) Source

References

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html https://issues.chromium.org/issues/405143032

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-03-27 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Alchemist3dot14/CVE-2025-2783

Type: github • Created: 2025-04-06 03:49:01 UTC • Stars: 2

Simulated PoC for CVE-2025-2783 — a sandbox escape vulnerability in Chrome's Mojo IPC. Includes phishing delivery, memory fuzzing, IPC simulation, and logging. Safe for red team demos, detection engineering, and educational use.