CVE-2025-2783
CVE-2025-2783
Vexday Risk Score
71High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.3EPSS 8.6%KEV simPoC públicaNuclei —Metasploit —Patch —
Lifecycle
26 Mar 2025Published on NVD
27 Mar 2025Active exploitation (CISA KEV)
06 Apr 2025Public PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Chrome's Mojo messaging system on Windows allows an attacker to bypass the browser's sandbox protection by tricking Chrome into processing a specially crafted file, potentially gaining full access to the infected computer.
Technical detail
An incorrect handle management vulnerability in Mojo (Chrome's inter-process communication framework) on Windows permits remote code execution outside the sandbox context. The attack vector involves delivery of a malicious file that exploits improper handle validation; successful exploitation requires user interaction to open the file and results in complete sandbox escape with system-level privileges.
Summary generated and translated by AI from the official description.
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 5
githubgithub.com/Alchemist3dot14/CVE-2025-2783★ 32githubgithub.com/aronfour/CVE-2025-2783★ 11githubgithub.com/byteReaper77/CVE-2025-2783★ 8githubgithub.com/ElianGonzi00/CVE-2025-2783★ 0exploitdbwww.exploit-db.com/exploits/52403unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →