Google has patched a high-severity zero-day vulnerability in Chrome, identified as CVE-2025-2783, which was exploited to escape the browser’s sandbox and deploy malware in espionage attacks targeting Russian organizations. Discovered by Kaspersky researchers Boris Larin and Igor Kuznetsov, the flaw involves an “incorrect handle provided in unspecified circumstances in Mojo on Windows.” The fix is available in Chrome version 134.0.6998.178 for Windows users. Google has not yet disclosed further details about the attacks, stating that access to bug details may be restricted until a majority of users have updated with the fix.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 | 0 | 14 | March 18, 2025 | |
| [Vulnerability] Zero-Day in CentreStack File-Sharing Platform Under Attack | 0 | 9 | April 11, 2025 | |
| Microsoft addresses 57 security vulnerabilities | 0 | 26 | March 12, 2025 | |
| #204 - Intel Chat: Wiz, Windows, SocGholish, WDAC & BLE | 0 | 10 | March 31, 2025 | |
| Trust Me, I’m Local: Chrome Extensions, MCP, and the Sandbox Escape | 0 | 11 | May 1, 2025 |