Brave CVE-2025-2783 exploit update

Description of the issue:
An exploit of some aspects of Mojo was reported in Chromium-based browsers on 3/20/2025 and tagged as CVE-2025-2783.
Google has now created a patch to protect against this exploit with Chromium version 134.0.6998.178, but Brave appears to still be vulnerable as of 9 a.m. MST 3/26/2025. I believe Brave is still vulnerable because release notes indicate the browser is still on Chromium version 134.0.6998.166.

Steps to Reproduce (add as many as necessary): 1. 2. 3.
Link to check Brave's current Chromium version: https://brave.com/latest/
In each instance the exploit has been triggered by the victim clicking on an unsafe link, as from a phishing email.

Actual Result (gifs and screenshots are welcome!):
Complete takeover of Windows-based machines.

Operating System and Brave Version (See the About Brave page in the main menu):
Windows operating systems, and all Chromium-based browsers using Chromium versions earlier than 134.0.6998.178, including Brave v1.76.81
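
A fleet check for the version condition stated in the report above, as an added example that is not part of the original thread or Brave's code. The inventory rows, host names and status labels are constructed for illustration; the fixed build number is the one named in the post.

```python
import re

# Fixed Chromium build named in the report; earlier builds are reported as affected.
FIXED = (134, 0, 6998, 178)
_VERSION_RE = re.compile(r"Chromium:?\s*(\d+)\.(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def chromium_version(text):
    """Return the four-part Chromium version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def triage(inventory):
    """Map each host to 'affected', 'behind', 'patched' or 'unknown'.

    Versions are compared as integer tuples: a plain string comparison would
    rank build .95 above build .178 and report an unpatched host as patched.
    """
    status = {}
    for host, os_name, version_text in inventory:
        version = chromium_version(version_text)
        if version is None:
            status[host] = "unknown"      # unparseable: verify by hand, never assume patched
        elif version >= FIXED:
            status[host] = "patched"
        elif os_name.lower().startswith("windows"):
            status[host] = "affected"     # Windows and older than the fixed build
        else:
            status[host] = "behind"       # older build on a platform the report does not name
    return status


# Constructed sample inventory: (host, operating system, reported version string).
SAMPLE = [
    ("ws-01", "Windows 11", "Brave 1.76.81 Chromium: 134.0.6998.166"),
    ("ws-02", "Windows 10", "Chromium: 134.0.6998.178"),
    ("ws-03", "Windows 11", "Chromium: 134.0.6998.95"),
    ("mac-01", "macOS 15", "Chromium: 134.0.6998.166"),
    ("ws-04", "Windows 11", "version unavailable"),
]

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(f"{host}: {state}")
```
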

I’m assuming they are tracking and we should see a Chromium update before long. But let me cc: @steeven @Mattches

I mean, I’m not sure how it would impact Brave or if it’s vulnerable, but any time we see security updates to Chromium you’ll usually see it ported over to Brave.

1 Like

@neederbean thanks for raising, releasing an update to 134.0.6998.178 in about 3 minutes.

3 Likes

Thank you both! @Saoiray, @steeven and any others involved
