CVE-2025-2783 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.3 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Chrome	CNA	---				---
CISA-ADP	ADP	8.3 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
google	chrome	𝑥 < 134.0.6998.177

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

chromium

bullseye (security)	120.0.6099.224-1~deb11u1 fixed
bullseye	120.0.6099.224-1~deb11u1 fixed
bookworm	134.0.6998.35-1~deb12u1 fixed
bookworm (security)	134.0.6998.117-1~deb12u1 fixed
sid	134.0.6998.117-1 fixed
trixie	134.0.6998.117-1 fixed

Vulnerability Media Exposure

[GERMAN] Jetzt updaten! Zero-Day-Sicherheitslücke in Chrome wird angegriffen
Google hat dem Webbrowser Chrome ein Update spendiert. Es schließt eine Zero-Day-Lücke, die bereits angegriffen wird.
Published: 2025-03-26T06:25:00+00:00
[ENGLISH] Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783 (CVSS score: 8.3), has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo
Published: 2025-03-26T16:40:00+05:30
[GERMAN] Dringend patchen: Gefährliche Zero-Day-Lücke in Chrome für Spionage ausgenutzt
Angreifer können aus der Chrome-Sandbox ausbrechen und Code auf dem Windows-System des Nutzers ausführen. Es reicht der Besuch einer bösartigen Webseite. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/browser/">Browser</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=194682&page=1&ts=1742976241" width="1" />
Published: 2025-03-26T10:04:03+02:00
[GERMAN] Google Chrome/Microsoft Edge: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome/Microsoft Edge ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Published: 2025-03-25T23:00:00+00:00
[GERMAN] Notfallupdate: Kritische Sandbox-Lücke in Firefox und Tor-Browser entdeckt
Nicht nur Chrome-Nutzer sollten dieser Tage ihren Browser updaten. Eine aktiv ausgenutzte Sicherheitslücke betrifft auch die Windows-Version von Firefox. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/firefox/">Firefox</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=194773&page=1&ts=1743148082" width="1" />
Published: 2025-03-28T09:48:05+02:00
[ENGLISH] Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (
Published: 2025-03-28T11:14:00+05:30

References

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

https://issues.chromium.org/issues/405143032