Описание
CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
https://nvd.nist.gov/vuln/detail/CVE-2025-2783 https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html https://issues.chromium.org/issues/405143032
Ссылки
- https://github.com/cefsharp/CefSharp/security/advisories/GHSA-f87w-3j5w-v58p
- https://nvd.nist.gov/vuln/detail/CVE-2025-2783
- https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
- https://github.com/cefsharp/CefSharp/releases/tag/v134.3.90
- https://issues.chromium.org/issues/405143032
Пакеты
CefSharp.Wpf
< 134.3.90
134.3.90
CefSharp.Wpf.HwndHost
< 134.3.90
134.3.90
CefSharp.Wpf.NetCore
< 134.3.90
134.3.90
CefSharp.WinForms
< 134.3.90
134.3.90
CefSharp.WinForms.NetCore
< 134.3.90
134.3.90
CefSharp.OffScreen.NetCore
< 134.3.90
134.3.90
CefSharp.OffScreen
< 134.3.90
134.3.90
8.3 High
CVSS3
8.3 High
CVSS3