Cyber Resilience

CVE-2025-2783

HighCISA KEVActive ExploitationEUVD Exploited

Published: 26 March 2025

Published
26 March 2025
Modified
24 October 2025
KEV Added
27 March 2025
Patch
CVSS Score v3.1 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.4686 97.7th percentile
Risk Priority 65 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2783 is a high-severity an unspecified weakness vulnerability in Google Chrome. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 2.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2025-2783 is an incorrect handle issue in the Mojo component of Google Chrome on Windows in versions prior to 134.0.6998.177. The flaw permits a sandbox escape when a malicious file is processed under unspecified circumstances, carrying a CVSS 3.1 score of 8.3 reflecting network attack vector, high complexity, required user interaction, and full impact across confidentiality, integrity, and availability once the sandbox boundary is crossed.

A remote attacker can exploit the vulnerability by supplying a crafted file that the victim must open in an affected Chrome instance. Successful exploitation yields a sandbox escape, allowing code execution outside Chrome's security sandbox with the potential to affect the underlying Windows system at a high impact level.

The referenced Google Chrome stable channel update for desktop dated 25 March 2025 upgrades the browser to version 134.0.6998.177 to address the issue. The vulnerability is also catalogued in CISA's Known Exploited Vulnerabilities list, confirming that mitigation through patching is required for affected Windows deployments.

The EPSS score rose from lower values to a peak of 0.5010 on 18 February 2026 before receding to the current 0.4686, indicating that exploitation interest increased after public disclosure.

EU & UK References

Vulnerability details

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

CWE(s)
KEV Date Added
27 March 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a sandbox escape vulnerability in Chrome (client application) triggered by a malicious file, directly enabling exploitation for client execution (T1203) to run code outside the sandbox and exploitation for privilege escalation (T1068) to achieve system-level access with high impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-6311Same product: Google Chrome
CVE-2026-8574Same product: Google Chrome
CVE-2026-8530Same product: Google Chrome
CVE-2026-9905Same product: Google Chrome
CVE-2026-9932Same product: Google Chrome
CVE-2026-7994Same product: Google Chrome
CVE-2026-9890Same product: Google Chrome
CVE-2026-8573Same product: Google Chrome
CVE-2026-8510Same product: Google Chrome
CVE-2026-9966Same product: Google Chrome

Affected Assets

google
chrome
≤ 134.0.6998.177

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of the specific sandbox escape flaw in Chrome via patching to version 134.0.6998.177 or later, as listed in the CISA KEV catalog.

preventdetect

Deploys anti-malware tools to scan, block, and remove malicious files exploiting the Mojo handle vulnerability for sandbox escape.

prevent

Enforces process isolation to contain sandbox escapes from incorrect Mojo handles and limit post-escape privileges.

References