Improper Isolation or Compartmentalization in atom-shell

CVE-2025-2783

atom-shell
chromium
chromiumembeddedframework.runtime
electron
electron-nightly
electron-prebuilt
org.webjars.npm:electron
org.webjars.npm:electron-prebuilt

High

8.3/10

Summary

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-653 - Improper Isolation or Compartmentalization

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

References

Release Note
Advisory
Advisory

Advisory Timeline

Published Mar 26, 2025

Improper Isolation or Compartmentalization in atom-shell

CVE-2025-2783

Summary

CWE-653 - Improper Isolation or Compartmentalization

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS