CVE-2025-2783:
An incorrect handle handling in Mojo within Google Chrome on Windows allowed a remote attacker to escape the sandbox via a malicious file, affecting Chrome versions prior to 134.0.6998.177 (Windows).
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.3High- Published Date:Mar 26, 2025
- CISA KEV Date:Mar 27, 2025
- Industries Affected:20
1 DaysThreat Predictions
- EPSS Score:39.5
- EPSS Percentile:97%
Exploitability
- Score:1.6
- Attack Vector:NETWORK
- Attack Complexity:HIGH
- Privileges Required:NONE
- User Interaction:REQUIRED
- Scope:CHANGED
Impact
- Score:6.0
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
An incorrect handle handling in Mojo within Google Chrome on Windows allowed a remote attacker to escape the sandbox via a malicious file, affecting Chrome versions prior to 134.0.6998.177 (Windows).
Overview
This CVE concerns a Mojo-related handle error in Google Chrome for Windows that could be exploited by a remote attacker through a malicious file to escape the browser sandbox. The vulnerability affects Chrome versions up to and including 134.0.6998.177 on Windows, carries a high severity with network access required and user interaction needed, and compromises all three core security objectives (confidentiality, integrity, and availability). The patch is included in version 134.0.6998.177 and newer.
Remediation
- Update Google Chrome to version 134.0.6998.177 or newer on all affected Windows systems.
- Ensure automatic updates are enabled and functioning, and verify that devices can receive and install the latest Chrome updates.
- For enterprise environments, deploy the update via your management platform (e.g., Google Admin Console / enterprise policies) to ensure rapid, organization-wide remediation.
- After deployment, verify the update by checking Chrome's version (chrome://settings/help) on endpoints to confirm 134.0.6998.177 or newer is installed.
- In the meantime, mitigate exposure by educating users to avoid opening untrusted files or attachments from unknown sources and encourage safe browsing practices until patches are applied.
- Monitor for security advisories and add any new updates related to CVE-2025-2783 from official Google Chrome channels.
References
- - Chrome Releases Blog: Stable Channel Update for Desktop (March 25, 2025) https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
- - Chromium Project: Issue 405143032 https://issues.chromium.org/issues/405143032
- - CISA Known Exploited Vulnerabilities (KEV) Catalog https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.Click here to learn more.
- Armis Alert Date:Jan 12, 2025
- CISA KEV Date:Mar 27, 2025
- Days Early:1 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
