Google Patches Critical Chrome Zero-Day Vulnerability: Update Now
Google has released an urgent update to fix the first Chrome zero-day vulnerability of 2025, tracked as CVE-2025-2783. The flaw, actively exploited by hackers, enabled attackers to bypass Chrome’s built-in sandbox protections and deploy spyware-grade malware on targeted systems.
Discovery Amid a Phishing Campaign
Security researchers at Kaspersky uncovered the vulnerability during their investigation of a phishing campaign dubbed Operation ForumTroll. The campaign targeted Russian media outlets, universities, and government agencies by sending fake email invitations to an academic event. Victims were redirected to a malicious domain that exploited the Chrome vulnerability to compromise systems.
“The exploit allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist,” Kaspersky researchers explained, highlighting the dangerous nature of this zero-day.
How the Vulnerability Worked
According to preliminary findings, the vulnerability was caused by incorrect handle usage within Mojo, a critical component of Chrome on Windows. This error permitted attackers to escape the secure confines of Chrome’s sandbox—a core feature designed to isolate web processes from the rest of the system. Once the sandbox was breached, malware was quietly installed without triggering immediate alerts.
Google’s Swift Response
In response to the threat, Google promptly released Chrome version 134.0.6998.178, which includes a fix for the zero-day vulnerability. The update is available in the Stable Desktop channel and is being rolled out globally. Users can also manually update their browsers by navigating to Settings > About Chrome.
Importantly, this update not only addresses CVE-2025-2783 but also closes a second, related exploit that was part of the same attack chain, reinforcing Chrome’s defenses against future attacks.
What Users Need to Do
Security experts stress that even a brief delay in updating could leave users exposed to sophisticated cyberattacks. “With exploits growing more sophisticated, even a few days’ delay in updating can leave users vulnerable,” warned researchers.
The advice is clear: update your Chrome browser immediately to ensure your system remains protected against these advanced threats.
For now, as the update rolls out globally, users are urged to remain vigilant and confirm that their browsers are running the latest version. With proactive measures and timely updates, the risks posed by such vulnerabilities can be substantially mitigated.