Sandbox Escape Vulnerability in Mojo of Google Chrome
CVE-2025-2783
Key Information:
Badges
What is CVE-2025-2783?
CVE-2025-2783 is a high-severity vulnerability found in the Mojo component of Google Chrome, specifically affecting versions prior to 134.0.6998.177 for Windows. This flaw allows remote attackers to exploit a sandbox escape through malicious files, undermining the security intended to isolate web content and applications from the rest of the operating system. Given that Google Chrome is widely used for web browsing and online activities, this vulnerability poses a significant risk for organizations, as it can lead to unauthorized access to sensitive information and potential system compromise.
Technical Details
The vulnerability stems from an incorrect handling within the Mojo component of Google Chrome. It facilitates a sandbox escape, where attackers can circumvent the security model that confines processes to a controlled environment. Maliciously crafted files can trigger this vulnerability, enabling attackers to execute code outside the sandbox, thereby gaining broader access to the system.
Potential Impact of CVE-2025-2783
-
Unauthorized Access: Successful exploitation can allow attackers to gain unauthorized access to the machine, potentially granting them the ability to execute malicious actions and exfiltrate sensitive data.
-
System Compromise: The vulnerability may lead to full system compromise, where attackers can install additional malware, create backdoors, or manipulate system configurations to maintain persistent access.
-
Data Breach Risks: Organizations could face significant data breaches as a result of unauthorized data access, leading to potential legal implications, loss of customer trust, and financial consequences.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Chrome 134.0.6998.177
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles

⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Google patched a Chrome 0-day (CVE-2025-2783) used in live attacks on Russian targets via phishing.
4 weeks ago
Firefox patches flaw similar to exploited Chrome zero-day
The sandbox escape flaw affected Firefox and Chrome browsers on Windows machines.
1 month ago

CISA Adds One Known Exploited Vulnerability to Catalog | CISA
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation
1 month ago
References
CVSS V3.1
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 💰
Used in Ransomware
- 👾
Exploit known to exist
- 🦅
CISA Reported
- 📈
Vulnerability started trending
Vulnerability published
- 📰
First article discovered
Vulnerability Reserved