CVE-2025-2783

HIGH KEV

Mojo in Google Chrome <134.0.6998.177 - RCE

Title source: llm

Description

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

Exploits (4)

nomisec WORKING POC 30 stars

by Alchemist3dot14 · poc

https://github.com/Alchemist3dot14/CVE-2025-2783

View Code ZIP pw:eip

github SUSPICIOUS 13 stars

by Leviticus-Triage · pythonpoc

https://github.com/Leviticus-Triage/ChromSploit-Framework

View Code ZIP pw:eip

nomisec WORKING POC 6 stars

by byteReaper77 · poc

https://github.com/byteReaper77/CVE-2025-2783

View Code ZIP pw:eip

exploitdb WORKING POC

by nu11secur1ty · textwebappswindows

https://www.exploit-db.com/exploits/52403

View Code ZIP pw:eip

References (3)

[Release Notes] https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

[Permissions Required] https://issues.chromium.org/issues/405143032

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2783

Scores

CVSS v3 8.3

EPSS 0.3541

EPSS Percentile 97.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2025-03-27

VulnCheck KEV 2025-03-25

ENISA EUVD EUVD-2025-8225

Classification

Status published

Affected Products (1)

google/chrome < 134.0.6998.177

Timeline

Published Mar 26, 2025

KEV Added Mar 27, 2025

Tracked Since Feb 18, 2026