Firefox Update Fixes Sandbox Escape Flaw Similar to Chrome Zero-Day

Firefox Patch Comes Days After Chrome Zero-Day Attack
The Firefox fix follows Google’s emergency patch for Chrome (CVE-2025-2783), a vulnerability actively exploited in a cyber-espionage campaign targeting media outlets, educational institutions, and government agencies in Russia.
According to Kaspersky, the Chrome zero-day was used in phishing attacks where victims unknowingly clicked malicious links embedded in emails, leading to infection via a compromised website. The attackers then chained the Chrome zero-day with another unknown exploit to break out of the sandbox and achieve remote code execution.
CISA Adds Chrome Zero-Day to Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has since added CVE-2025-2783 to its Known Exploited Vulnerabilities (KEV) catalog, requiring all federal agencies to apply the patch by April 17, 2025.
With both Google and Mozilla addressing similar sandbox escape flaws, security experts warn that threat actors could attempt to exploit unpatched browsers, making immediate updates crucial for users.
Users Advised to Update Firefox and Chrome Immediately
Mozilla’s rapid response highlights the importance of proactive security measures in preventing browser-based attacks.
Users are strongly advised to:
✔ Update Firefox to the latest patched version (136.0.4 or corresponding ESR versions).
Source: thehackernews.com