Zero-day Vulnerability in Google Chrome

Google has released security updates to address a zero-day vulnerability (CVE-2025-2783) affecting Google Chrome. The vulnerability is reportedly being exploited in the wild and has been observed to be used in cyber espionage campaigns to deploy malware.

Successful exploitation of the zero-day vulnerability could allow attackers to bypass Chrome's sandbox and perform arbitrary code execution by exploiting a flaw in Mojo, Chromium's inter-process communication framework. This vulnerability is typically exploited through malicious files or phishing websites.

This vulnerability specifically affects the Chrome browser running on the Windows operating system.

Users and administrators using Windows-based Chrome browsers are advised to update to the latest versions immediately. Users who have opted to perform manual updates should close all Chrome windows and relaunch the browser to apply the latest update. Those with automatic updates enabled do not need to take any action.

Users and administrators are also encouraged to enable automatic updates in Google Chrome to ensure that their software is updated promptly.

More information is available here:

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

https://nvd.nist.gov/vuln/detail/CVE-2025-2783

https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/

https://www.helpnetsecurity.com/2025/03/26/google-fixes-exploited-chrome-sandbox-bypass-zero-day-cve-2025-2783/

https://www.kaspersky.com/blog/forum-troll-apt-with-zero-day-vulnerability/53215/