Security News > 2025 > March > Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
2025-03-26 10:58
Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections. The vulnerability was flagged by Kaspersky researchers, who discovered it being exploited by a suspected state-sponsored APT group to target media outlets and educational institutions in Russia. About CVE-2025-2783 Google explains the source of the flaw thus: “Incorrect handle provided in unspecified circumstances in Mojo on Windows.” … More → The post Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) appeared first on Help Net Security.
News URL
Related news
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
- Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-26 | CVE-2025-2783 | Unspecified vulnerability in Google Chrome Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. | 0.0 |