CVE-2025-2783

CVSS 8.3 HIGHEPSS 8.6%● KEV

In short

A flaw in Chrome's Mojo messaging system on Windows allows an attacker to bypass the browser's sandbox protection by tricking Chrome into processing a specially crafted file, potentially gaining full access to the infected computer.

Technical detail

An incorrect handle management vulnerability in Mojo (Chrome's inter-process communication framework) on Windows permits remote code execution outside the sandbox context. The attack vector involves delivery of a malicious file that exploits improper handle validation; successful exploitation requires user interaction to open the file and results in complete sandbox escape with system-level privileges.

Summary generated and translated by AI from the official description.

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Google · Chrome

public PoCs found — 5

githubgithub.com/Alchemist3dot14/CVE-2025-2783★ 32 githubgithub.com/aronfour/CVE-2025-2783★ 11 githubgithub.com/byteReaper77/CVE-2025-2783★ 8 githubgithub.com/ElianGonzi00/CVE-2025-2783★ 0 exploitdbwww.exploit-db.com/exploits/52403unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html https://issues.chromium.org/issues/405143032 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2783