U.S. CISA Adds Google Chromium Mojo Flaw to Its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability in Google's Chromium browser to its list of known exploited vulnerabilities, highlighting the importance of prompt action against newly discovered threats.

According to CISA, the agency has included the Google Chromium Mojo sandbox escape vulnerability, tracked as CVE-2025-2783, in its Known Exploited Vulnerabilities (KEV) catalog. This move comes after a high-severity security flaw was found in Chrome browser for Windows, which has been actively exploited in attacks targeting organizations in Russia.

The vulnerability, an incorrect handle provided in unspecified circumstances in Mojo on Windows, allows attackers to escape the sandbox and potentially escalate privileges. Kaspersky researchers Boris Larin and Igor Kuznetsov reported the vulnerability on March 20, 2025, which has raised concerns among security experts and organizations worldwide.

The Impact of the Vulnerability

Mojo is Google's IPC library for Chromium-based browsers, designed to manage sandboxed processes for secure communication. On Windows, it enhances Chrome's security by segregating browser processes from system-level processes. However, past vulnerabilities have demonstrated that such designs can be vulnerable to exploitation.

The Response from Google

Google has acknowledged the existence of an exploit for CVE-2025-2783 in the wild and has released out-of-band fixes to address the issue. The Stable channel has been updated to 134.0.6998.177/.178 for Windows, which will roll out over the coming days/weeks.

A full list of changes in this build is available in the Log published by Google. While the agency does not provide details on the attacks that exploited this vulnerability or the identity of the threat actors behind them, it serves as a reminder of the importance of prompt action against newly discovered threats.

CISA's Guidance and Recommendations

According to CISA's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies are required to address identified vulnerabilities by a specific due date. In this case, the vulnerability is ordered to be addressed by April 17, 2025.

Experts also recommend that private organizations review the CISA catalog and take steps to address the vulnerabilities in their infrastructure. The timely patching of such critical vulnerabilities can help protect networks against attacks exploiting known flaws.

The Importance of Vigilance

As security threats continue to evolve, it is crucial for organizations and individuals to remain vigilant and proactive in addressing newly discovered vulnerabilities. By staying informed and taking swift action, we can minimize the risk of successful attacks and ensure a safer digital environment.