Post

Google Addresses Critical Chrome Zero-Day Vulnerability Targeting Russian Organizations

Discover how Google recently patched a high-severity zero-day vulnerability in Chrome, actively exploited in attacks targeting Russian organizations.

Google Addresses Critical Chrome Zero-Day Vulnerability Targeting Russian Organizations

TL;DR

Google has released an emergency update to fix a high-severity vulnerability (CVE-2025-2783) in Chrome for Windows, which was actively exploited in attacks targeting Russian organizations. This flaw, reported by Kaspersky researchers, affects Mojo, Google’s IPC library for Chromium. The update enhances Chrome’s security by addressing this issue, although details about the attacks and threat actors remain undisclosed.

Google Patches High-Severity Zero-Day Vulnerability in Chrome

Google has issued an out-of-band update to address a critical security flaw in the Chrome browser for Windows. This vulnerability, tracked as CVE-2025-2783, was actively exploited in attacks targeting organizations in Russia. The issue was reported by Kaspersky researchers Boris Larin and Igor Kuznetsov on March 20, 20251.

Vulnerability Details

The vulnerability is described as an incorrect handle provided in unspecified circumstances in Mojo on Windows. Mojo is Google’s Inter-Process Communication (IPC) library used in Chromium-based browsers to manage sandboxed processes for secure communication. While Mojo enhances Chrome’s security on Windows, past vulnerabilities have enabled sandbox escapes and privilege escalation2.

Security Implications

Google has not disclosed specific details about the attacks exploiting this vulnerability or the identity of the threat actors involved. However, the company acknowledged the existence of an exploit for CVE-2025-2783 in the wild. The stable channel for Chrome has been updated to versions 134.0.6998.177 and 134.0.6998.178 for Windows, which will be rolled out gradually3.

Advisory and Updates

According to Google’s advisory, “Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild. The Stable channel has been updated to 134.0.6998.177/.178 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log4.

Conclusion

Google’s prompt response to the zero-day vulnerability in Chrome underscores the importance of regular updates and vigilant security practices. Users are advised to ensure their browsers are updated to the latest version to protect against such threats. The ongoing efforts by security researchers and organizations like Kaspersky are crucial in identifying and mitigating these vulnerabilities.

For more details, visit the full article: source

Additional Resources

For further insights, check:

References

  1. Security Affairs (2025). “Google fixed the first actively exploited Chrome zero-day since the start of the year”. Security Affairs. Retrieved 2025-03-26. ↩︎

  2. Google Chromium (2025). “Stable Channel Update for Desktop”. Google Chromium. Retrieved 2025-03-26. ↩︎

  3. Google Chromium (2025). “Stable Channel Update for Desktop”. Google Chromium. Retrieved 2025-03-26. ↩︎

  4. Google Chromium (2025). “Stable Channel Update for Desktop”. Google Chromium. Retrieved 2025-03-26. ↩︎

This post is licensed under CC BY 4.0 by the author.