“The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist,” noted Kaspersky researchers in their analysis.

The vulnerability allowed attackers to bypass Chrome’s sandbox protection through a logical error at the intersection of Chrome’s security framework and the Windows operating system, essentially rendering the browser’s protective measures ineffective. According to Google’s security bulletin, technical examination revealed that the exploit leveraged an “incorrect handle provided in unspecified circumstances in Mojo on Windows.”

On March 25, 2025, Google released Chrome updates 134.0.6998.177 and 134.0.6998.178 for Windows users, including a patch for the vulnerability. In its Stable Channel Update announcement, Google acknowledged Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) for reporting the vulnerability on March 20, 2025. The update will roll out automatically over the coming days and weeks, but users can manually check for updates by navigating to Chrome’s settings menu, selecting “About Chrome,” and installing any available updates.

While Kaspersky was unable to obtain the second exploit, patching the sandbox escape vulnerability effectively blocks the entire attack chain. Kaspersky advises against clicking on potentially malicious links and plans to publish a detailed technical report on the exploit once the majority of users have installed the updated browser version.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 26 Mar 2025 06:05:08 +0000