Google has patched a crucial Chrome zero-day vulnerability that hackers have been actively utilizing to sidestep the browser’s defenses and infect focused techniques with malware. The exploit was tracked as CVE-2025-2783. It’s the primary Chrome zero-day found this yr, and it’s already been weaponized in real-world assaults.
Safety researchers at Kaspersky uncovered the vulnerability throughout an investigation right into a phishing marketing campaign dubbed Operation ForumTroll, which focused Russian media shops, universities, and authorities companies. Victims have been lured in by faux electronic mail invites to a tutorial occasion and redirected to a malicious area designed to launch the assault.
In keeping with Kaspersky, this newest Chrome zero-day exploit bypassed Chrome’s sandbox—a key line of protection that isolates net exercise from the remainder of a consumer’s system. As soon as by way of, attackers deployed spyware-grade malware, all with out elevating alarms. “It allowed the attackers to bypass Google Chrome’s sandbox safety as if it didn’t even exist,” the researchers defined.
Google rapidly issued a repair for the zero-day vulnerability with Chrome model 134.0.6998.178, which is now accessible within the Secure Desktop channel. Whereas the replace is rolling out globally, customers also can set off the replace manually by visiting Settings > About Chrome and putting in the most recent replace. Doing so not solely neutralizes CVE-2025-2783 but additionally shuts down a second, associated exploit utilized in the identical assault chain.
Safety researchers say the vulnerability was attributable to incorrect deal with utilization inside Mojo, a key element utilized by Chrome on Home windows. Although Google hasn’t disclosed full technical particulars, the corporate confirmed that the flaw was being actively exploited. This little doubt prompted a swift safety response.
This isn’t the primary time Chrome has come beneath assault, however with exploits rising extra refined, even a number of days’ delay in updating can go away customers weak. With the patch now stay, the perfect protection is an easy one: be certain that Chrome is updated.
