Google has released an out-of-band fix to address a sophisticated security flaw in the Chrome browser for Windows that is said to have been exploited in the wild as part of an attack targeting Russian organizations.
The vulnerability tracked as CVE-2025-2783 is described as a case of “incorrect handles provided in unspecified situations in window mojos.” Mojo refers to a collection of runtime libraries that provide a platform-independent mechanism for inter-process communication (IPC).
As is conventional, Google did not reveal any additional technical details about the nature of the attack, the identity of the threat actors behind it, and who could have been targeted. The vulnerability is connected to Chrome version 134.0.6998.177/.178 for Windows.
“Google is aware of reports of CVE-2025-2783 exploits present in the wild,” the Tech giant admitted in concise advice.
It is worth noting that CVE-2025-2783 is the first actively and actively used Chrome Zero Day since the beginning of this year. Kaspersky researchers Boris Larin and Igor Kuznetsov are admitted to have discovered and reported the shortcomings on March 20, 2025.
In its own bulletin, the Russian cybersecurity vendor characterized the exploitation of zero-days, CVE-2025-2783 as a technically sophisticated target attack. It tracks activities under the name Operation ForumTroll.
“In all cases, the infection occurred shortly after the victim clicked on a phishing email link and the attacker’s website was opened using the Google Chrome web browser,” the researcher said. “We didn’t need any further action to get infected.”
“The essence of vulnerabilities comes down to logic errors at the intersection of Chrome and Windows operating systems that can bypass browser sandbox protection.”
The short-lived link is said to have been personalized by the target, and spies are the ultimate goal of the campaign. Caspersky said the malicious email included an invitation from the organizers of Primakov Readings, a legitimate scientific and expert forum.
Phishing targets Russian media, educational institutions and governmental organizations. Additionally, CVE-2025-2783 is designed to be run in conjunction with additional exploits that facilitate remote code execution. Kaspersky said he could not get a second exploit.
“All attack artifacts analyzed so far show a high level of sophistication in the attack, allowing us to confidently conclude that state-sponsored APT groups are behind this attack,” the researchers said.
Source link
