Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Zero-day Vulnerability in Google Chrome

27 March 2025

Google has released security updates to address a zero-day vulnerability affecting Google Chrome. Users and administrators using Windows-based Chrome browsers are advised to update to the latest versions immediately.

Google has released security updates to address a zero-day vulnerability (CVE-2025-2783) affecting Google Chrome. The vulnerability is reportedly being exploited in the wild and has been observed to be used in cyber espionage campaigns to deploy malware.

Successful exploitation of the zero-day vulnerability could allow attackers to bypass Chrome's sandbox and perform arbitrary code execution by exploiting a flaw in Mojo, Chromium's inter-process communication framework. This vulnerability is typically exploited through malicious files or phishing websites.

This vulnerability specifically affects the Chrome browser running on the Windows operating system.

Users and administrators using Windows-based Chrome browsers are advised to update to the latest versions immediately. Users who have opted to perform manual updates should close all Chrome windows and relaunch the browser to apply the latest update. Those with automatic updates enabled do not need to take any action.

Users and administrators are also encouraged to enable automatic updates in Google Chrome to ensure that their software is updated promptly.

More information is available here:

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html

https://nvd.nist.gov/vuln/detail/CVE-2025-2783

https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/

https://www.helpnetsecurity.com/2025/03/26/google-fixes-exploited-chrome-sandbox-bypass-zero-day-cve-2025-2783/

https://www.kaspersky.com/blog/forum-troll-apt-with-zero-day-vulnerability/53215/

Back to top