Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild

Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors. 

The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome’s sandbox protection through a logical error at the intersection of Chrome’s security framework and the Windows operating system, essentially rendering the browser’s protective measures ineffective.

The zero-day was discovered in mid-March 2025, when Kaspersky’s detection systems identified a wave of infections from previously unknown malware.

In all documented cases, infections occurred immediately after victims clicked on links in phishing emails, with the malicious websites opening in Google Chrome without requiring any additional user interaction.

“The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist,” noted Kaspersky researchers in their analysis.

According to Google’s security bulletin, technical examination revealed that the exploit leveraged an “incorrect handle provided in unspecified circumstances in Mojo on Windows.”

The vulnerability was classified as “High” severity, and Google acknowledged that exploits exist in the wild.

The summary of the vulnerability is given below:

| Risk Factors | Details |
| --- | --- |
| Affected Products | Google Chrome for Windows (versions prior to 134.0.6998.177/.178) |
| Impact | Remote code execution and system compromise |
| Exploit Prerequisites | User must click on a malicious link, typically delivered via phishing email |
| CVSS 3.1 Score | High Severity |

Operation ForumTroll Campaign

The attack campaign, dubbed “Operation ForumTroll” by Kaspersky, specifically targeted Russian media outlets, educational institutions, and government organizations. 

The attackers sent personalized phishing emails disguised as invitations to a scientific and expert forum called “Primakov Readings”.

[Image: Phishing email]

Each malicious link was personalized and had a short lifespan, making detection challenging.

However, Kaspersky’s exploit detection technologies successfully identified the zero-day exploit used to escape Chrome’s sandbox.

Researchers noted that the sophisticated nature of the attack suggests the involvement of a state-sponsored APT (Advanced Persistent Threat) group whose primary goal appears to be espionage.

Upon receiving Kaspersky’s detailed report, Google quickly addressed the issue. On March 25, 2025, Google released Chrome updates 134.0.6998.177 and 134.0.6998.178 for Windows users, which include a patch for the vulnerability.

The Extended stable channel has also been updated to version 134.0.6998.178 for Windows, with both updates set to roll out over the coming days and weeks.

In its Stable Channel Update announcement, Google acknowledged Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) for reporting the vulnerability on March 20, 2025.

Exploitation Chain

The exploit chain involved two components: the sandbox escape vulnerability, and a remote code execution exploit.

While Kaspersky was unable to obtain the second exploit, patching the sandbox escape vulnerability effectively blocks the entire attack chain.

Kaspersky products detect the exploits and malware with verdicts including:

The primary indicator of compromise identified was primakovreadings[.]info.

Security experts strongly recommend Chrome users update their browsers immediately.

The update will roll out automatically over the coming days and weeks, but users can manually check for updates by navigating to Chrome’s settings menu, selecting “About Chrome,” and installing any available updates.
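
For defenders managing many Windows endpoints, the fixed build number and the indicator of compromise above can be turned into a quick triage. The following is an added example, not code from Kaspersky, Google or the original article; the host names, sample versions and the three-field DNS log format are constructed assumptions.

```python
# Added example: fleet triage for CVE-2025-2783 (not from the original article).
FIXED = (134, 0, 6998, 177)  # first patched Windows build named in the article
IOC = "primakovreadings[.]info".replace("[.]", ".")  # refang the article's IoC

def parse_version(text):
    """Turn '134.0.6998.89' into ints; string comparison would rank .89 above .177."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"unexpected Chrome version: {text!r}")
    return parts

def unpatched_hosts(inventory):
    """Return host names whose Windows Chrome build predates the fix."""
    return sorted(h for h, v in inventory.items() if parse_version(v) < FIXED)

def matches_ioc(name):
    """True for the IoC domain or a subdomain; tolerates case, trailing dot, defanging."""
    name = name.strip().lower().replace("[.]", ".").rstrip(".")
    return name == IOC or name.endswith("." + IOC)

def hosts_that_resolved_ioc(dns_lines):
    """Parse 'timestamp client qname' lines; return clients that looked up the IoC."""
    hits = set()
    for line in dns_lines:
        fields = line.split()
        if len(fields) == 3 and matches_ioc(fields[2]):
            hits.add(fields[1])
    return sorted(hits)

# Constructed sample data (host names, versions and log format are assumptions).
INVENTORY = {
    "ws-001": "134.0.6998.177",
    "ws-002": "134.0.6998.89",
    "ws-003": "133.0.6943.142",
    "ws-004": "134.0.6998.178",
}
DNS_LOG = [
    "2025-03-18T09:14:02Z ws-002 www.google.com",
    "2025-03-18T09:14:07Z ws-002 primakovreadings.info.",
    "2025-03-18T09:20:41Z ws-004 Mail.PrimakovReadings.info",
    "2025-03-18T09:21:00Z ws-001 notprimakovreadings.info",
]

if __name__ == "__main__":
    print("unpatched:", unpatched_hosts(INVENTORY))
    print("resolved IoC:", hosts_that_resolved_ioc(DNS_LOG))
```

A host that appears in both result lists, unpatched at the time and having resolved the domain, is the first candidate for closer investigation.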

Kaspersky advises against clicking on potentially malicious links and plans to publish a detailed technical report on the exploit once the majority of users have installed the updated browser version.

As this incident demonstrates, even widely used modern browsers with multiple security layers can contain vulnerabilities that sophisticated attackers can exploit. Regular updates and cautious online behavior remain essential defenses against evolving cyber threats.

The post Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild appeared first on Cyber Security News.
