CVE-2025-2783
Published: 26 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-2783 is a vulnerability in the Mojo component of Google Chrome on Windows versions prior to 134.0.6998.177. It stems from an incorrect handle provided in unspecified circumstances, allowing a remote attacker to escape the browser's sandbox via a malicious file. The Chromium security team classified it as High severity, with a CVSS v3.1 base score of 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
A remote attacker requires no privileges but must achieve high attack complexity and rely on user interaction, such as opening a malicious file. Exploitation enables a sandbox escape, changing the scope to potentially compromise the system with high impacts on confidentiality, integrity, and availability.
Google released a patch in the stable channel update for Chrome version 134.0.6998.177 and later, as announced at chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html. Additional details are available in the Chromium issue tracker at issues.chromium.org/issues/405143032.
The vulnerability appears in the CISA Known Exploited Vulnerabilities Catalog, as referenced at www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2783, signaling active real-world exploitation.
Details
- CWE(s)
- KEV Date Added
- 27 March 2025
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a sandbox escape vulnerability in Chrome (client application) triggered by a malicious file, directly enabling exploitation for client execution (T1203) to run code outside the sandbox and exploitation for privilege escalation (T1068) to achieve system-level access with high impact.