The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium Mojo sandbox escape vulnerability, tracked as CVE-2025-2783, to its Known Exploited Vulnerabilities (KEV) catalog.
Google released out-of-band fixes for a high-severity security vulnerability (CVE-2025-2783) in the Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia.
The vulnerability involves an incorrect handle provided in unspecified circumstances in Mojo on Windows, potentially enabling sandbox escapes and privilege escalation.
CISA has ordered federal agencies to address this vulnerability by April 17, 2025, and private organizations are advised to review the KEV catalog and address the vulnerabilities in their infrastructure.