Google Releases Emergency Chrome Patch to Address Actively Exploited Zero-Day Vulnerability

Google has rolled out an out-of-band security update to fix a high-severity vulnerability in its Chrome browser for Windows, which has been actively exploited in targeted attacks against organizations in Russia.

  Privacy & Data Protection   Mar 26, 2025  Add to Reading List
Google Releases Emergency Chrome Patch to Address Actively Exploited Zero-Day Vulnerability

Google has rolled out an out-of-band security update to fix a high-severity vulnerability in its Chrome browser for Windows, which has been actively exploited in targeted attacks against organizations in Russia.

The flaw, identified as CVE-2025-2783, stems from an "incorrect handle provided in unspecified circumstances" within Mojo, a set of runtime libraries used for inter-process communication (IPC). Google has not disclosed specific details about the attacks, the perpetrators, or the organizations targeted. The vulnerability has been patched in Chrome version 134.0.6998.177/.178 for Windows.

Cybersecurity Experts Warn of State-Sponsored Attack

Google confirmed the existence of an exploit for CVE-2025-2783 in the wild but provided minimal details. This marks the first Chrome zero-day vulnerability discovered in 2025. Researchers Boris Larin and Igor Kuznetsov from Kaspersky reported the flaw on March 20, 2025.

According to Kaspersky, the zero-day exploit is part of a highly targeted, sophisticated cyberattack, which it tracks as Operation ForumTroll. The attack begins with victims clicking a link embedded in a phishing email, which then opens a malicious website in Google Chrome. No further action is required for infection, indicating a sandbox bypass technique that exploits a logic flaw between Chrome and the Windows operating system.

Espionage-Driven Phishing Campaign Targets Russian Entities

The attackers used customized malicious links to target individuals associated with media outlets, educational institutions, and government agencies in Russia. The phishing emails were disguised as invitations from Primakov Readings, a legitimate scientific and expert forum.

Additionally, the exploit is designed to work in tandem with a second vulnerability enabling remote code execution, but Kaspersky has not yet obtained that component of the attack.

Users Urged to Update Chromium-Based Browsers

Due to the active exploitation of this vulnerability, users of other Chromium-based browsers—including Microsoft Edge, Brave, Opera, and Vivaldi—are advised to install security updates as soon as they become available.