CVE-2025-2783HIGH 8.3CISA KEVEPSS p94.4%

CVE-2025-2783Google Chromium Mojo Sandbox Escape Vulnerability

Google / Chromium Mojo

Description

Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Scoring

CVSS 3.18.3 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS8.56% probability of exploitation · percentile 94.4% · 2026-06-18T12:00:27Z
Published2025-03-26
Last modified2025-10-24

CISA KEV entry

Added to KEV: 2025-03-27

References

  1. https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
  2. https://issues.chromium.org/issues/405143032
  3. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2783

(incoming)1

TypeTargetConfidenceTier
KEVEntryGoogle Chromium Mojo Sandbox Escape Vulnerabilitykev-cve-2025-27830%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-4609
CVE
Google Chromium Mojo Insufficient Data Validation Vulnerability
CVE
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
CVE
CVE-2026-8580
CVE
Google Chromium Portals Use-After-Free Vulnerability
CVE
Google Chromium V8 Inappropriate Implementation Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.