Google has issued emergency updates to fix a critical security vulnerability in its Chrome browser for Windows, which has been actively exploited in cyberattacks targeting organizations in Russia.
The flaw, identified as CVE-2025-2783, stems from an "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo is a set of runtime libraries used for inter-process communication (IPC) across different platforms.
As per Google's usual security practice, the company has not disclosed further details regarding the nature of the attacks, the threat actors involved, or the specific targets. The vulnerability has been patched in Chrome version 134.0.6998.177/.178 for Windows. "Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild," the company stated in a brief advisory.
This marks the first known Chrome zero-day vulnerability exploited in 2025. The issue was reported on March 20, 2025, by Kaspersky researchers Boris Larin and Igor Kuznetsov.
According to Kaspersky’s security bulletin, the CVE-2025-2783 exploit has been used in a highly advanced and targeted attack, which the cybersecurity firm has dubbed Operation ForumTroll.
"In all cases, victims were infected immediately after clicking a link in a phishing email, which opened in Google Chrome," Kaspersky researchers revealed. "No further user interaction was required for the infection to take place."
The vulnerability arises from a logic flaw at the intersection of Chrome and the Windows operating system, enabling attackers to bypass Chrome’s sandbox security protections.
The malicious links, which were short-lived and personalized for specific targets, were used for espionage. The phishing emails were designed to appear as invitations from the organizers of Primakov Readings, a well-known scientific and expert forum. Kaspersky reported that the campaign targeted Russian media outlets, educational institutions, and government agencies.
Moreover, CVE-2025-2783 appears to be used alongside another exploit that enables remote code execution, though Kaspersky was unable to obtain this secondary exploit.
"All available evidence points to a highly sophisticated threat actor, leading us to conclude that a state-sponsored APT group is responsible for this attack," the researchers stated.
Given the active exploitation of this vulnerability, users of other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are advised to install the latest security updates as soon as they become available.