PT-2025-12837 · Google +2 · Google Chrome +2
Published
2025-01-15
·
Updated
2026-01-05
·
CVE-2025-2783
CVSS v2.0
10
10
High
| Base vector | Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 134.0.6998.177.
Description
A zero-day vulnerability, tracked as CVE-2025-2783, has been discovered in Google Chrome's Mojo IPC component, allowing remote attackers to escape the browser's sandbox on Windows systems. This flaw was exploited in-the-wild and believed to be part of a sophisticated campaign dubbed "Operation ForumTroll." The vulnerability enables attackers to bypass Chrome's security sandbox and execute code with elevated privileges on a user's device. The attack method effectively combines social engineering tactics with advanced technical exploits, underlining the threat posed by advanced persistent threat groups.
Recommendations
- Update Chrome to version 134.0.6998.177 or newer.
- Ensure other Chromium-based browsers (like Edge, Brave, Opera) are patched.
- Educate users about phishing threats, especially sophisticated event-based lures.
- Monitor endpoints for any signs of Trinper-like behavior.
- Review browser sandboxing policies and implement application whitelisting where possible.
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com
Weakness Enumeration
Related Identifiers
ALT-PU-2025-7539
ALT-PU-2025-7543
ALT-PU-2025-8547
BDU:2025-03258
CVE-2025-2783
GHSA-F87W-3J5W-V58P
OPENSUSE-SU-2025:0111-1
OPENSUSE-SU-2025:14961-1
OPENSUSE-SU-2025_0111-1
Affected Products
Alt Linux
Google Chrome
Suse
References · 395
- https://osv.dev/vulnerability/openSUSE-SU-2025:0111-1 · Vendor Advisory
- https://osv.dev/vulnerability/GHSA-f87w-3j5w-v58p · Vendor Advisory
- https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-2783 · Security Note
- https://osv.dev/vulnerability/openSUSE-SU-2025:14961-1 · Vendor Advisory
- https://safe-surf.ru/specialists/bulletins-nkcki/719273 · Security Note
- https://bdu.fstec.ru/vul/2025-03258 · Security Note
- https://github.com/cefsharp/CefSharp⭐ 10007 🔗 2932 · Note
- https://github.com/cefsharp/CefSharp/security/advisories/GHSA-f87w-3j5w-v58p⭐ 10007 🔗 2932 · Note
- https://github.com/cefsharp/CefSharp/releases/tag/v134.3.90⭐ 10007 🔗 2932 · Note
- https://twitter.com/TechJuicePk/status/1905900260137824450 · Twitter Post
- https://twitter.com/TweetThreatNews/status/1904707541914837146 · Twitter Post
- https://twitter.com/windowsforum/status/1905040863815717252 · Twitter Post
- https://twitter.com/TweetThreatNews/status/1905263930420633821 · Twitter Post
- https://twitter.com/DefendOpsHQ/status/1904788535091311017 · Twitter Post