Source: The Hacker News
Author: [email protected] (The Hacker News)
URL: https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html
## ONE SENTENCE SUMMARY:
Google patched a high-severity Chrome vulnerability (CVE-2025-2783) actively exploited in a phishing campaign targeting Russian organizations with espionage intent.
## MAIN POINTS:
1. Google released an out-of-band fix for Chrome vulnerability CVE-2025-2783 on Windows.
2. The flaw involves incorrect handle usage in Mojo, impacting inter-process communication.
3. It has been actively exploited in targeted attacks against Russian organizations.
4. Google has not disclosed details about the attackers or affected victims.
5. The vulnerability was discovered by Kaspersky researchers Boris Larin and Igor Kuznetsov.
6. Kaspersky links the attacks to an APT group under Operation ForumTroll.
7. Victims were infected by clicking phishing links leading to malicious websites.
8. The flaw allows bypassing Chrome’s sandbox protection on Windows.
9. The phishing campaign impersonated organizers of the Primakov Readings forum.
10. Attackers likely used a second exploit for remote code execution, which remains undiscovered.
## TAKEAWAYS:
1. Chrome users should update to version 134.0.6998.177/.178 immediately to mitigate risks.
2. State-sponsored APT groups continue using sophisticated zero-day exploits for espionage.
3. Phishing remains a primary infection vector in targeted cyberattacks.
4. Sandboxing mechanisms can be bypassed through logical vulnerabilities in software.
5. Organizations must remain vigilant against highly tailored phishing campaigns.