Back to KEVs

CVE-2025-2783

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 25, 2025
Published Date: March 26, 2025
Last Updated: June 06, 2025
Vendor: Google
Product: Chrome
Description: Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
Tags

CVSS Scores

CVSS v3.1

8.3 - HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-03-27 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2025-04-06 03:49:01 UTC) Source

References

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html https://issues.chromium.org/issues/405143032

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-03-27 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Alchemist3dot14/CVE-2025-2783

Type: github • Created: 2025-04-06 03:49:01 UTC • Stars: 2

Simulated PoC for CVE-2025-2783 — a sandbox escape vulnerability in Chrome's Mojo IPC. Includes phishing delivery, memory fuzzing, IPC simulation, and logging. Safe for red team demos, detection engineering, and educational use.

Timeline

CVE ID Reserved

March 25, 2025
CVE Published to Public

March 26, 2025
Added to KEVIntel

March 27, 2025
Proof of Concept Exploit Available

April 06, 2025