Summary

Vulnerability Name

Google Chrome Sandbox Escape (CVE-2025-2783)

Released on

March 26, 2025

Affected Component

Google Chrome

Affected Version

Google Chrome versions earlier than 134.0.6998.177 on Windows

Vulnerability Type

Code execution

Exploitation Condition

  1. User authentication: not required.
  2. Precondition: default configurations.
  3. Trigger mode: remote.

Impact

Exploitation difficulty: easy. Attackers can remotely execute code without authentication.

Severity: high. Attackers can remotely execute code without authentication.

Official Solution

Available

About the Vulnerability

Component Introduction

Google Chrome is a web browser developed by Google and built on open source software such as WebKit. It aims to enhance browsing stability, speed, and security while providing a simple but efficient user interface.

Vulnerability Description

On March 26, 2025, Sangfor FarSight Labs received notification of the Google Chrome Sandbox Escape (CVE-2025-2783) vulnerability, classified as high in threat level.

This vulnerability allows remote attackers to manipulate Mojo, a component crucial for inter-process communication (IPC) in Google Chrome on Windows platforms, to escape Chrome's sandbox and execute arbitrary code without authorization, potentially compromising the host. Note that this vulnerability has been exploited in the wild.

Affected Versions

Google Chrome versions earlier than 134.0.6998.177 on Windows platforms are affected.

Solutions

Remediation Solutions

Version Check

To view the version information, open the Google Chrome browser, move the pointer over the More icon in the upper-right corner of the browser, and click Settings. On the Settings page, click About Chrome in the left-side pane.

Official Solution

The latest version has been officially released to fix the vulnerability. Affected Windows users are advised to update the Google Chrome version to 134.0.6998.177 or later.

Download link: https://www.google.cn/chrome
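The same version check can be scripted for Windows endpoints. The PowerShell below is an added example, not part of the original advisory or any Sangfor tooling: it compares the installed chrome.exe version against the fixed build 134.0.6998.177. The function name `Get-ChromePatchStatus` is hypothetical, and the script assumes Chrome is in one of its default install directories and that a `new_chrome.exe` left by the updater means a relaunch is still pending.

```powershell
# Added example (not from the advisory). Only the fixed build number comes
# from the page; the function name and install paths are assumptions.
$FixedVersion = [version]'134.0.6998.177'

# Default Chrome install directories: per-machine 64-bit, per-machine 32-bit, per-user.
$InstallDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "$env:LOCALAPPDATA\Google\Chrome\Application"
)

function Get-ChromePatchStatus {
    param(
        [string[]]$Dirs  = $InstallDirs,
        [version]$Fixed  = $FixedVersion
    )

    foreach ($dir in $Dirs) {
        $exe = Join-Path $dir 'chrome.exe'
        if (-not (Test-Path -LiteralPath $exe)) { continue }

        # Compare as [version], never as strings: a constructed value such as
        # '134.0.6998.95' sorts after '134.0.6998.177' lexically, yet it is
        # the older build and must be reported as vulnerable.
        $raw       = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
        $installed = $null
        $parsed    = [version]::TryParse($raw, [ref]$installed)

        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            Path            = $exe
            Version         = $raw
            # $null means the version string could not be parsed; review by hand.
            Vulnerable      = if ($parsed) { $installed -lt $Fixed } else { $null }
            # Assumption: the updater stages new_chrome.exe while the old
            # browser is still running, so the fix is not active until relaunch.
            RelaunchPending = Test-Path -LiteralPath (Join-Path $dir 'new_chrome.exe')
        }
    }
}

Get-ChromePatchStatus | Format-Table -AutoSize
```

The per-user directory is resolved for the account running the script, so a fleet-wide sweep needs to run it in each user's context or enumerate the profile directories separately.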

Sangfor Solutions

Sangfor Endpoint Secure can proactively detect vulnerabilities in Google Chrome and provides solutions to discover assets vulnerable to the Google Chrome Sandbox Escape (CVE-2025-2783) vulnerability in batches. The corresponding fingerprint ID is 0000398.

Timeline

On March 26, 2025, Sangfor FarSight Labs received notification of the Google Chrome Sandbox Escape (CVE-2025-2783) vulnerability.

On March 26, 2025, Sangfor FarSight Labs released a vulnerability alert.

References

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
