Google Chrome Zero-Day Vulnerability Actively Exploited in the Wild

Google has released an urgent update for its Chrome browser to patch a zero-day vulnerability known as CVE-2025-2783.

This vulnerability has been actively exploited in targeted attacks, utilizing sophisticated malware to bypass Chrome’s sandbox protections.

 The update, version 134.0.6998.177 for Windows, addresses this critical issue and is set to roll out over the coming days.

Vulnerability Details

CVE-2025-2783, identified by researchers from Kaspersky, is a high-severity vulnerability involving an “incorrect handle provided in unspecified circumstances” within the Mojo framework on Windows.

 It was reported on March 20, 2025, and is exploited in real-world attacks. The vulnerability allows attackers to escape Chrome’s sandbox protection, potentially permitting malicious code execution without the user’s intervention.

The exploitation of this vulnerability was observed in a series of highly targeted phishing campaigns. These campaigns, dubbed “Operation ForumTroll,” used personalized malicious links that were short-lived to infect targets.

Once clicked, these links automatically opened in Google Chrome without requiring any further action from the victim.

The malware used in these attacks was designed to run in conjunction with a second exploit that enables remote code execution. However, the second exploit was not obtained due to the risks associated with exposing users during the investigation.

Impact and Attribution

Kaspersky’s analysis suggests that the primary goal of these attacks was espionage, targeting media outlets, educational institutions, and government organizations in Russia.

The sophistication of the malware and tactics employed indicate involvement by a state-sponsored Advanced Persistent Threat (APT) group.

Despite the complexity and danger posed by these attacks, Google’s swift action in releasing a patch has effectively disrupted the exploit chain.

Users are advised to update Chrome as soon as possible to prevent potential infections. The updated browser version, 134.0.6998.177, will be rolled out gradually.

Kaspersky plans to release a detailed report on the zero-day exploit and associated malware, offering insight into the techniques used by these sophisticated attackers. Until then, users should remain vigilant when interacting with links from unfamiliar sources.

The latest Chrome update underscores the importance of prompt security patches and collaboration between tech companies and researchers in combatting cyber threats.

As exploits continue to evolve, staying informed and keeping software up-to-date remains crucial for individual and organizational cybersecurity.

Are you from SOC/DFIR Teams? – Analyse Malware, Phishing Incidents & get live Access with ANY.RUN -> Start Now for Free.