Google fixes Chrome zero-day exploited in espionage campaign

​Google has patched a high-severity zero-day vulnerability in Chrome, identified as CVE-2025-2783, which was exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. Discovered by Kaspersky researchers Boris Larin and Igor Kuznetsov, the flaw involves an “incorrect handle provided in unspecified circumstances in Mojo on Windows.” The fix is available in Chrome version 134.0.6998.178 for Windows users. Google has not yet disclosed further details about the attacks, stating that access to bug details may be restricted until a majority of users have updated with the fix.