Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Google Chromium Mojo sandbox escape vulnerability, CVE-2025-2783, to its Known Exploited Vulnerabilities catalog, following its active exploitation in attacks targeting Russian organizations. Google has released out-of-band fixes for the Chrome browser on Windows and advises all users to update their systems. CISA requires federal agencies to remediate this vulnerability by April 17, 2025, highlighting the urgency of addressing known exploited vulnerabilities in their networks.
Affected: CISA, Google, Chrome browser for Windows
Keypoints:
- CVE-2025-2783 is caused by an incorrect handle in the Mojo IPC library on Windows.
- Active exploitation of this flaw was reported in attacks targeting organizations in Russia.
- CISA requires federal agencies to fix the vulnerability by April 17, 2025, and recommends that private organizations review the vulnerabilities as well.