CVE-2025-2783
Published: 26 March 2025
Summary
CVE-2025-2783 is a high-severity an unspecified weakness vulnerability in Google Chrome. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 2.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely remediation of the specific sandbox escape flaw in Chrome via patching to version 134.0.6998.177 or later, as listed in the CISA KEV catalog.
Deploys anti-malware tools to scan, block, and remove malicious files exploiting the Mojo handle vulnerability for sandbox escape.
Enforces process isolation to contain sandbox escapes from incorrect Mojo handles and limit post-escape privileges.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a sandbox escape vulnerability in Chrome (client application) triggered by a malicious file, directly enabling exploitation for client execution (T1203) to run code outside the sandbox and exploitation for privilege escalation (T1068) to achieve system-level access with high impact.
NVD Description
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
Deeper analysisAI
CVE-2025-2783 is a vulnerability in the Mojo component of Google Chrome on Windows versions prior to 134.0.6998.177. It stems from an incorrect handle provided in unspecified circumstances, allowing a remote attacker to escape the browser's sandbox via a malicious file. The Chromium security team classified it as High severity, with a CVSS v3.1 base score of 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
A remote attacker requires no privileges but must achieve high attack complexity and rely on user interaction, such as opening a malicious file. Exploitation enables a sandbox escape, changing the scope to potentially compromise the system with high impacts on confidentiality, integrity, and availability.
Google released a patch in the stable channel update for Chrome version 134.0.6998.177 and later, as announced at chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html. Additional details are available in the Chromium issue tracker at issues.chromium.org/issues/405143032.
The vulnerability appears in the CISA Known Exploited Vulnerabilities Catalog, as referenced at www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2783, signaling active real-world exploitation.
Details
- CWE(s)
- KEV Date Added
- 27 March 2025