CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-2783 https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html https://issues.chromium.org/issues/405143032

Published: Apr 12, 2025
Updated: Apr 30, 2025
GHSA: GHSA-f87w-3j5w-v58p
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
CefSharp.Wpf	-	134.3.90
CefSharp.Wpf.HwndHost	-	134.3.90
CefSharp.Wpf.NETCore	-	134.3.90
CefSharp.WinForms	-	134.3.90
CefSharp.WinForms.NETCore	-	134.3.90
CefSharp.OffScreen.NETCore	-	134.3.90
CefSharp.OffScreen	-	134.3.90

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
https://github.com/cefsharp/CefSharp/releases/tag/v134.3.90
https://github.com/cefsharp/CefSharp/security/advisories/GHSA-f87w-3j5w-v58p
https://issues.chromium.org/issues/405143032

Vulnerability Database

289,599

CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows