CVE-2025-2783

ENISA EUVD: EUVD-2025-8225 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 20 articles Published: 2025-03-26

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

47.45%

probability

This CVE has a 47.45% probability of being exploited in the next 30 days.

0% Top 97.7th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.3

HIGH

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

Affected Products

Google

Chrome

134.0.6998.177

google

chrome

Google

Chrome

134.0.6998.177 <134.0.6998.177

Google Project Zero

Patched

March 25, 2025

Reported by

Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) of Kaspersky

Root Cause Analysis

???

Exploits & PoC

Alchemist3dot14/CVE-2025-2783

Simulated PoC for CVE-2025-2783 — a sandbox escape vulnerability in Chrome's Mojo IPC. Includes phishing delivery, memory fuzzing, IPC simulation, and

32 2025-04-06

byteReaper77/CVE-2025-2783

This project is a research-oriented and educational simulation designed to demonstrate the concept of a sandbox escape vulnerability within Google C

8 2025-06-16

aronfour/CVE-2025-2783

Full-chain exploit for CVE-2025-2783 (Ipcz Sandbox Escape & RCE).

7 2026-04-01

3 repos — triés par ⭐ Rechercher sur GitHub ↗

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

https://issues.chromium.org/issues/405143032

Signal Intelligence

Confidenceⓘ

92%

EPSS 47.45%

CVSS v3.1 8.3

Mentions 20

Last Seen Feb 12, 2026

CNA Information

CNA Assigner

Chrome

Analyst Note

CVE-2025-2783 is a high-severity sandbox escape vulnerability in Chrome's Mojo component with confirmed active exploitation in the wild, as evidenced by multiple reputable sources (BleepingComputer, TheHackerNews) reporting active attacks. The vulnerability has been patched by Google in version 134.0.6998.177, and Project Zero involvement further validates its legitimacy, warranting a CONFIRMED classification with high confidence.