Google Issues Emergency Patch for Chrome Zero-Day Exploit
Google has released an urgent security update for its Chrome browser on Windows after uncovering a critical vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2025-2783, involves an incorrect handle provided within Mojo, Google's inter-process communication (IPC) framework, on Windows.
The issue has been addressed in Chrome version 134.0.6998.177/.178 for Windows. Users are urged to update immediately to minimize their exposure, especially given that the exploit has already been weaponized in targeted attacks.
APT Campaign Exploits Chrome Flaw in Targeted Phishing Attacks
CVE-2025-2783 marks the first known zero-day vulnerability in Chrome to be actively exploited in 2025 in an APT campaign. The flaw was discovered by Boris Larin and Igor Kuznetsov of Kaspersky, and the attacks were part of a campaign identified as Operation ForumTroll.
According to Kaspersky, victims were infected after clicking on a link within a phishing email. The link directed them to a malicious website viewed via Chrome, triggering the exploit without requiring further interaction. The phishing messages impersonated invitations from a credible event, Primakov Readings, and were used to lure individuals from media outlets, educational institutions, and government agencies in Russia.
High Sophistication of the Attack Points to State-Sponsored Threat Actor
Kaspersky researchers assessed the campaign as highly sophisticated, indicating the involvement of an advanced persistent threat (APT) group. The nature of the vulnerability allowed attackers to bypass Chrome’s sandboxing mechanisms by exploiting how Chrome interacts with the Windows operating system. While the exploit chain likely involved a secondary vulnerability for remote code execution, Kaspersky has not yet recovered the second component.
The URLs used in the attacks were short-lived and uniquely crafted for each target, with the campaign’s objective believed to be cyber espionage.
Although the attacks are currently known to target Russian organizations, users of other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are also at risk. It is recommended that users apply relevant patches as soon as vendors roll them out.
Details about the attackers and the full scope of the campaign remain undisclosed by Google, which acknowledged the in-the-wild exploitation in a brief advisory.
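A fleet-side check for the fixed build named above, as an added example (not from Google's advisory or Kaspersky's report): it triages a browser inventory export against 134.0.6998.177 and routes the other Chromium-based browsers to a vendor-advisory check, because the article gives no fixed versions for them. The CSV columns, hostnames, sample versions and status labels are assumptions constructed for illustration.

```python
import csv
import io

# Fixed Windows build named in the article (134.0.6998.177/.178).
FIXED_CHROME_WINDOWS = (134, 0, 6998, 177)
# Other Chromium-based browsers the article lists; no fixed versions are given
# on the page, so these are only flagged for a vendor-advisory check.
OTHER_CHROMIUM = {"microsoft edge", "brave", "opera", "vivaldi"}

# Constructed sample inventory export (hosts and versions are made up).
SAMPLE_INVENTORY = """host,os,browser,version
ws-001,Windows 11,Google Chrome,134.0.6998.89
ws-002,Windows 10,Google Chrome,134.0.6998.177
ws-003,Windows 11,Google Chrome,134.0.6998.178
ws-004,Windows 11,Microsoft Edge,134.0.3124.68
mac-005,macOS,Google Chrome,134.0.6998.89
ws-006,Windows 10,Google Chrome,unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not an a.b.c.d version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(row):
    """Map one inventory row to a triage status (labels are hypothetical)."""
    browser = row["browser"].strip().lower()
    if browser in OTHER_CHROMIUM:
        return "CHECK_VENDOR_ADVISORY"
    if browser != "google chrome":
        return "NOT_CHROMIUM"
    if not row["os"].strip().lower().startswith("windows"):
        return "OUT_OF_SCOPE"  # the article describes the flaw and fix on Windows
    version = parse_version(row["version"])
    if version is None:
        return "UNKNOWN_VERSION"
    # Compare as integer tuples: as strings, "89" would sort after "177".
    return "PATCHED" if version >= FIXED_CHROME_WINDOWS else "UPDATE_REQUIRED"

def triage(inventory_csv):
    """Return {host: status} for every row of the CSV text."""
    return {r["host"]: classify(r) for r in csv.DictReader(io.StringIO(inventory_csv))}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as UNKNOWN_VERSION need a manual check rather than being assumed patched.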