Summary
Vulnerability Name | Google Chrome Sandbox Escape (CVE-2025-2783) |
---|---|
Released on | March 26, 2025 |
Affected Component | Google Chrome |
Affected Version | Google Chrome versions earlier than 134.0.6998.177 on Windows |
Vulnerability Type | Code execution |
Exploitation Condition | |
Impact | Exploitation difficulty: easy. Attackers can remotely execute code without authentication. Severity: high. Attackers can remotely execute code without authentication. |
Official Solution | Available |
About the Vulnerability
Component Introduction
Google Chrome is a web browser developed by Google based on other open source software such as WebKit, aiming to enhance browsing stability, speed, and security and create a simple but efficient user interface.
Vulnerability Description
On March 26, 2025, Sangfor FarSight Labs received notification of the Google Chrome Sandbox Escape (CVE-2025-2783) vulnerability, classified as high in threat level.
This vulnerability allows remote attackers to manipulate Mojo, a component crucial for inter-process communication (IPC) in Google Chrome on Windows platforms, to escape Chrome's sandbox and execute arbitrary code without authorization, potentially compromising the host. Note that this vulnerability has been exploited in the wild.
Affected Versions
Google Chrome versions earlier than 134.0.6998.177 on Windows platforms are affected.
Solutions
Remediation Solutions
Version Check
To view the version information, open the Google Chrome browser, move the pointer over the More icon in the upper-right corner of the browser, and click Settings. On the Settings page, click About Chrome in the left-side pane.
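A scripted counterpart to the manual check above, as an added example that is not part of the original advisory or any vendor tooling: it reads the product version of chrome.exe from the default Windows install locations and compares it with the fixed version 134.0.6998.177. The install paths are assumed defaults, and the function name Test-ChromeVersion is hypothetical.

```powershell
# Added example: local check for Chrome builds earlier than the fixed version.
$FixedVersion = [version]'134.0.6998.177'   # fixed version stated in this advisory

# Default Chrome install locations on Windows (assumption; adjust for custom installs).
$candidates = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
)

function Test-ChromeVersion {
    param(
        [string]$VersionString,
        [version]$Fixed = $FixedVersion
    )
    # A version string that does not parse is reported as Unknown, never as Patched.
    $parsed = $null
    if (-not [version]::TryParse($VersionString, [ref]$parsed)) {
        return 'Unknown'
    }
    if ($parsed -lt $Fixed) { return 'Vulnerable' }
    return 'Patched'
}

$found = $false
foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $found = $true
    $ver = (Get-Item -LiteralPath $path).VersionInfo.ProductVersion
    [pscustomobject]@{
        Path    = $path
        Version = $ver
        Status  = Test-ChromeVersion -VersionString $ver
    }
}
if (-not $found) {
    Write-Output 'Chrome was not found in the default install locations.'
}
```

A host can carry both a system-wide and a per-user install, so every row of the output matters, and a downloaded update takes effect only after the browser is relaunched.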
Official Solution
The latest version has been officially released to fix the vulnerability. Affected Windows users are advised to update the Google Chrome version to 134.0.6998.177 or later.
Download link: https://www.google.cn/chrome
Sangfor Solutions
Sangfor Endpoint Secure can proactively detect vulnerabilities in Google Chrome and provides solutions to discover assets vulnerable to the Google Chrome Sandbox Escape (CVE-2025-2783) vulnerability in batches. The corresponding fingerprint ID is 0000398.
Timeline
On March 26, 2025, Sangfor FarSight Labs received notification of the Google Chrome Sandbox Escape (CVE-2025-2783) vulnerability.
On March 26, 2025, Sangfor FarSight Labs released a vulnerability alert.
References
https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html