Post

Vulnerability in Major Browsers Exploited in Targeted Cyber Attacks

Discover how a critical vulnerability impacting Chrome and other major browsers was exploited in targeted attacks against Russian organizations. Learn how to update your browser and stay protected from this security threat.

Vulnerability in Major Browsers Exploited in Targeted Cyber Attacks

TL;DR

Researchers identified a vulnerability in Chrome and other Chromium-based browsers, exploited in targeted attacks against Russian organizations. Google and other browser vendors have released updates to patch this vulnerability. Users are advised to update their browsers immediately to stay protected.

Main Content

Researchers have discovered a critical vulnerability in Google Chrome that has been actively exploited in the wild against organizations in Russia. This vulnerability, tracked as CVE-2025-2783, affects the Mojo runtime libraries, which are used for inter-process communication (IPC) in Chromium-based browsers.

Impact and Affected Browsers

The vulnerability allows attackers to escape the browser sandbox and execute code on the operating system by exploiting a logical error in the sandbox and Windows OS interaction. This means that simply visiting a malicious site could allow an attacker to execute code on the user’s system, bypassing the sandbox protection meant to prevent such attacks.

Affected Browsers

  • Google Chrome
  • Microsoft Edge
  • Brave
  • Vivaldi
  • Opera
  • Mozilla Firefox
  • Tor Browser

Update and Patch Information

Google has released an update for Chrome that includes patches for this vulnerability. The update brings the Stable channel to version 134.0.6998.178 for Windows. Other operating systems are not affected by this specific vulnerability.

To manually update Chrome:

  1. Click on Settings.
  2. Navigate to About Chrome.
  3. If an update is available, Chrome will notify you and start downloading it.
  4. Restart the browser to complete the update and apply the patches.

Chrome Update

Technical Details

The vulnerability lies in the Mojo runtime libraries, which provide a platform-agnostic mechanism for IPC. An incorrect handle provided under certain circumstances allows an attacker to escape the browser sandbox and execute code on the operating system.

Researchers noted that an additional vulnerability would be required to enable remote code execution, which has not been identified yet.

“Without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist.”

Immediate Action Required

It is crucial to update your browser(s) as soon as possible to protect against this vulnerability. All major browsers, including Chrome, Edge, Brave, Vivaldi, Opera, Firefox, and Tor Browser, have released updates to address this issue.

Additional Resources

For further insights, check:

Conclusion

The discovery of this vulnerability highlights the importance of regular browser updates and the ongoing threat of cyber attacks. By keeping your browser up-to-date, you can protect yourself from such vulnerabilities and ensure a safer browsing experience.

This post is licensed under CC BY 4.0 by the author.