PatchSiren

CVE-2025-2783 Google CVE debrief

CVE-2025-2783 is a Google Chromium Mojo sandbox escape vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-03-27. Because CISA classifies it as known exploited, defenders should treat it as a high-priority browser and Chromium-component issue and follow vendor mitigation guidance promptly. CISA’s due date for remediation is 2025-04-17.

Vendor: Google
Product: Chromium Mojo
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2025-03-27
Original CVE updated: 2025-03-27
Advisory published: 2025-03-27
Advisory updated: 2025-03-27

Who should care

Security teams, endpoint administrators, and product owners responsible for Google Chrome, Chromium-based browsers, and any software that embeds Chromium components or relies on Chromium Mojo.

Technical summary

The available official records identify CVE-2025-2783 as a Google Chromium Mojo sandbox escape vulnerability. The CISA KEV entry confirms it is known exploited and instructs organizations to apply mitigations per vendor instructions; the KEV record also links to the vendor release note and NVD entry. No CVSS score was supplied in the source records.

Defensive priority

High

Recommended defensive actions

  • Apply the vendor mitigation or update referenced by CISA as soon as possible.
  • Prioritize patching affected Chromium-based browsers and any products that embed Chromium components.
  • If a mitigated or updated version is not available, follow CISA guidance and consider discontinuing use of the affected product until remediation is possible.
  • Track the CISA KEV due date of 2025-04-17 and confirm remediation across endpoints.
  • Validate fleet exposure by inventorying browser versions and Chromium-embedded applications.
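
One way to combine the last two actions, as an added example that is not part of the original debrief: classify an inventory of Chromium builds against a fixed build and report the days remaining to the KEV due date. The hosts, inventory rows and FIXED_BUILD_PLACEHOLDER are constructed for illustration; the real fixed build must be taken from the vendor release note.

```python
from datetime import date

# KEV record using the catalog's JSON field names; values are those quoted on this page.
KEV_ENTRY = {
    "cveID": "CVE-2025-2783",
    "product": "Chromium Mojo",
    "dateAdded": "2025-03-27",
    "dueDate": "2025-04-17",
}

# Placeholder: NOT the real fixed build. Take the real value from the vendor release note.
FIXED_BUILD_PLACEHOLDER = "100.0.0.5"

# Constructed inventory rows: (host, application, embedded Chromium version).
INVENTORY = [
    ("ws-001", "chrome", "100.0.0.5"),
    ("ws-002", "chrome", "100.0.0.2"),
    ("ws-003", "embedded-app", "99.0.10.40"),
    ("ws-004", "chrome", "unknown"),
]

def parse_build(text):
    """Return a 4-part Chromium build as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def kev_status(entry, inventory, fixed_build, today):
    """Classify each host and report days left (negative = overdue) to the KEV due date."""
    fixed = parse_build(fixed_build)
    if fixed is None:
        raise ValueError("fixed build must be a 4-part numeric version")
    days_left = (date.fromisoformat(entry["dueDate"]) - today).days
    report = {"cve": entry["cveID"], "days_left": days_left,
              "remediated": [], "exposed": [], "unverified": []}
    for host, app, version in inventory:
        build = parse_build(version)
        if build is None:
            report["unverified"].append(host)   # cannot confirm: treat as open
        elif build >= fixed:
            report["remediated"].append(host)
        else:
            report["exposed"].append(host)
    report["overdue"] = days_left < 0 and bool(report["exposed"] or report["unverified"])
    return report

if __name__ == "__main__":
    print(kev_status(KEV_ENTRY, INVENTORY, FIXED_BUILD_PLACEHOLDER, date(2025, 4, 10)))
```

Hosts whose version string cannot be parsed are reported separately and count as open, so an incomplete inventory never reads as full remediation.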

Evidence notes

CISA’s Known Exploited Vulnerabilities catalog lists CVE-2025-2783 as a Google Chromium Mojo sandbox escape vulnerability with dateAdded 2025-03-27 and dueDate 2025-04-17. The provided source metadata also points to the Chrome release update and the NVD record. No CVSS score was included in the supplied data, so severity should be treated as KEV-driven rather than score-driven.

Official resources

Publicly disclosed on 2025-03-27 and added to CISA KEV the same day, indicating known exploitation at the time of listing. Remediation was due by 2025-04-17 per CISA.