Google has urgently rolled out a security patch to fix a high-severity Chrome zero-day vulnerability actively exploited in targeted cyberattacks against organizations in Russia.
Tracked as CVE-2025-2783, the flaw stems from an “incorrect handle” issue in Mojo on Windows, a set of libraries used for inter-process communication (IPC). Google confirmed that hackers have already used this zero-day vulnerability in real-world attacks.
The company released the fix in Chrome version 134.0.6998.177/.178 for Windows. Although Google provided minimal details, it acknowledged reports of active exploitation.
Russian cybersecurity firm Kaspersky uncovered the attack, calling it highly sophisticated and targeted. Their experts, Boris Larin and Igor Kuznetsov, first reported the flaw on March 20, 2025.
According to Kaspersky, a state-sponsored advanced persistent threat (APT) group likely orchestrated the campaign, which is tracked as Operation ForumTroll.
Victims received phishing emails that mimicked invites to the Primakov Readings, a well-known scientific forum. Clicking the link immediately infected victims through Chrome, with no downloads or further action required.
“The flaw lies in the logic between Chrome and Windows,” Kaspersky explained. “It lets attackers bypass Chrome’s sandbox protection and gain control.”
The phishing campaign mainly targeted media outlets, universities, and government agencies in Russia. Kaspersky said attackers used short-lived, personalized links, hinting at espionage motives.
Worryingly, CVE-2025-2783 isn’t acting alone. It’s part of a chain that likely includes a second exploit enabling remote code execution. However, Kaspersky couldn’t capture that additional component.
“All evidence points to state-backed hackers running this complex operation,” the researchers added.
This marks Chrome’s first zero-day exploit of 2025, but it doesn’t stop with Google’s browser. Since Chrome shares its foundation with Microsoft Edge, Brave, Opera, and Vivaldi, users of these Chromium-based browsers should update as soon as patches are available.
Cybersecurity experts urge users to stay alert and patch immediately to avoid falling victim to similar stealthy attacks.
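For teams checking a fleet against the fixed build named above (134.0.6998.177 for Windows), here is a small triage script. It is an added example, not code from Google or Kaspersky; the CSV layout, hostnames, sample versions and status labels are constructed assumptions.

```python
import csv
import io

# Fixed build from the article (Chrome for Windows); .178 also satisfies it.
FIXED_CHROME_WINDOWS = (134, 0, 6998, 177)

# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = """host,os,browser,version
ws-001,Windows,Chrome,134.0.6998.178
ws-002,Windows,Chrome,134.0.6998.117
ws-003,Windows,Chrome,133.0.6943.142
ws-004,Windows,Chrome,135.0.7049.42
ws-005,Windows,Edge,134.0.3124.68
ws-006,macOS,Chrome,134.0.6998.117
ws-007,Windows,Chrome,unknown
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(row):
    """Classify one inventory row against the fixed Chrome build."""
    if row["os"].strip().lower() != "windows":
        return "not-windows"   # the article's fixed build is for Windows
    if row["browser"].strip().lower() != "chrome":
        return "check-vendor"  # the article gives no fixed version for other browsers
    version = parse_version(row["version"])
    if version is None:
        return "unparsed"      # follow up manually, never assume patched
    # Compare numerically: as strings, "…6998.99" would sort above "…6998.177".
    return "patched" if version >= FIXED_CHROME_WINDOWS else "needs-update"


def triage_inventory(csv_text):
    """Map host -> status for every row of a CSV inventory."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Other Chromium-based browsers use their own build numbering, so the script routes them to the vendor's advisory instead of comparing them against Chrome's threshold.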