<ul><li>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium Mojo sandbox escape vulnerability, tracked as CVE-2025-2783, to its Known Exploited Vulnerabilities (KEV) catalog.</li><li>Google released out-of-band fixes for a high-severity security vulnerability (CVE-2025-2783) in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia.</li><li>The vulnerability involves an incorrect handle provided in unspecified circumstances in Mojo on Windows, potentially enabling sandbox escapes and privilege escalation.</li><li>CISA has ordered federal agencies to address this vulnerability by April 17, 2025, and private organizations are recommended to review the Catalog and address the vulnerabilities in their infrastructure.</li></ul>

U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog

Discover more