![Lowest Prices Ever: Apple Pencil Pro Just $79.99, USB-C Pencil Only $49.99 [Deal]](https://www.iclarified.com/images/news/96863/96863/96863-640.jpg)
![Apple Releases iOS 18.4 RC 2 and iPadOS 18.4 RC 2 to Developers [Download]](https://www.iclarified.com/images/news/96860/96860/96860-640.jpg)
![What Google Messages features are rolling out [March 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/12/google-messages-name-cover.png?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Chip Glitching 101 with [Hash]](https://hackaday.com/wp-content/uploads/2025/03/glitching.jpeg?#)
![[The AI Show Episode 141]: Road to AGI (and Beyond) #1 — The AI Timeline is Accelerating](https://www.marketingaiinstitute.com/hubfs/ep%20141.1.png)
![[The AI Show Episode 140]: New AGI Warnings, OpenAI Suggests Government Policy, Sam Altman Teases Creative Writing Model, Claude Web Search & Apple’s AI Woes](https://www.marketingaiinstitute.com/hubfs/ep%20140%20cover.png)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![From broke musician to working dev. How college drop-out Ryan Furrer taught himself to code [Podcast #166]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743189826063/2080cde4-6fc0-46fb-b98d-b3d59841e8c4.png?#)
![[FREE EBOOKS] The Ultimate Linux Shell Scripting Guide, Artificial Intelligence for Cybersecurity & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
.png?#)
Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild
Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors. The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome’s sandbox protection through a logical error at the intersection of Chrome’s security framework and the Windows operating system, […] The post Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild appeared first on Cyber Security News.
.webp?#)
Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors.
The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome’s sandbox protection through a logical error at the intersection of Chrome’s security framework and the Windows operating system, essentially rendering the browser’s protective measures ineffective.
The zero-day vulnerability, tracked as CVE-2025-2783, was discovered in mid-March 2025 when Kaspersky’s detection systems identified a wave of infections from previously unknown malware.
In all documented cases, infections occurred immediately after victims clicked on links in phishing emails, with the malicious websites opening in Google Chrome without requiring any additional user interaction.
“The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist,” noted Kaspersky researchers in their analysis.
Stop attacks before they start, powered by a 97% precise neural Network to Detect Cyber Attacks
According to Google’s security bulletin, technical examination revealed that the exploit leveraged an “incorrect handle provided in unspecified circumstances in Mojo on Windows. ”
The vulnerability was classified as “High” severity, and Google acknowledged that exploits exist in the wild.
The summary of the vulnerability is given below:
| Risk Factors | Details |
| Affected Products | Google Chrome for Windows (versions prior to 134.0.6998.177/.178) |
| Impact | Remote code execution and system compromise |
| Exploit Prerequisites | User must click on a malicious link, typically delivered via phishing email |
| CVSS 3.1 Score | High Severity |
Operation ForumTroll Campaign
The attack campaign, dubbed “Operation ForumTroll” by Kaspersky, specifically targeted Russian media outlets, educational institutions, and government organizations.
The attackers sent personalized phishing emails disguised as invitations to a scientific and expert forum called “Primakov Readings”.
Each malicious link was personalized and had a short lifespan, making detection challenging.
However, Kaspersky’s exploit detection technologies successfully identified the zero-day exploit used to escape Chrome’s sandbox.
Researchers noted that the sophisticated nature of the attack suggests the involvement of a state-sponsored APT (Advanced Persistent Threat) group whose primary goal appears to be espionage.
Upon receiving Kaspersky’s detailed report, Google quickly addressed the issue. On March 25, 2025, Google released Chrome updates 134.0.6998.177 and 134.0.6998.178 for Windows users, including a vulnerability patch.
The Extended stable channel has also been updated to version 134.0.6998.178 for Windows, with both updates set to roll out over the coming days and weeks.
In its Stable Channel Update announcement, Google acknowledged Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) for reporting the vulnerability on March 20, 2025.
Exploitation Chain
The exploit chain involved two components: the sandbox escape vulnerability, and a remote code execution exploit.
While Kaspersky was unable to obtain the second exploit, patching the sandbox escape vulnerability effectively blocks the entire attack chain.
Kaspersky products detect the exploits and malware with verdicts including:
The primary indicator of compromise identified was primakovreadings[.]info.
Security experts strongly recommend Chrome users update their browsers immediately.
The update will roll out automatically over the coming days and weeks, but users can manually check for updates by navigating to Chrome’s settings menu, selecting “About Chrome,” and installing any available updates.
Kaspersky advises against clicking on potentially malicious links and plans to publish a detailed technical report on the exploit once the majority of users have installed the updated browser version.
As this incident demonstrates, even widely used modern browsers with multiple security layers can contain vulnerabilities that sophisticated attackers can exploit. Regular updates and cautious online behavior remain essential defenses against evolving cyber threats.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild appeared first on Cyber Security News.
.webp?#)
