CVE-2025-2783

CVE-2025-2783 is a critical zero-day vulnerability discovered in Google Chrome’s Mojo component for Windows, actively exploited in a targeted espionage campaign. In the campaign, dubbed “Operation ForumTroll,” attackers used phishing emails with malicious links to exploit the flaw, bypassing Chrome’s sandbox protections and enabling remote code execution. The attack targeted Russian media, educational, and government sectors. Google has since released a security patch in Chrome version 134.0.6998.177/.178 to mitigate the issue. CVE-2025-2783 is now listed in CISA’s Known Exploited Vulnerabilities Catalog. Users are strongly urged to update Chrome and exercise caution with suspicious emails to prevent compromise.

Google Chrome Zero-Day Vulnerability CVE-2025-2783 Actively Exploited – Here’s What You Need to Know

Google Chrome users are urged to immediately update their browsers due to a critical zero-day vulnerability, CVE-2025-2783, which is being actively exploited. This flaw in the Mojo framework for Windows allows attackers to bypass Chrome's security sandbox and execute malicious code. The vulnerability was leveraged in a targeted phishing campaign dubbed "Operation ForumTroll," believed to be the work of a state-sponsored APT group focusing on media, academic, and government entities in Russia. Google has released a patch in Chrome version 134.0.6998.177 for Windows to address this issue, emphasizing the importance of prompt user updates and proactive cybersecurity measures to mitigate such evolving threats.