{"id":2844,"date":"2025-03-26T10:04:02","date_gmt":"2025-03-26T10:04:02","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/03\/26\/google-chrome-zero-day-vulnerability-exploited-by-hackers-in-the-wild\/"},"modified":"2025-03-26T10:04:02","modified_gmt":"2025-03-26T10:04:02","slug":"google-chrome-zero-day-vulnerability-exploited-by-hackers-in-the-wild","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/03\/26\/google-chrome-zero-day-vulnerability-exploited-by-hackers-in-the-wild\/","title":{"rendered":"Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild"},"content":{"rendered":"

Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability<\/a> being actively exploited by sophisticated threat actors.\u00a0<\/p>\n

The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome\u2019s sandbox protection through a logical error at the intersection of Chrome\u2019s security framework and the Windows operating system, essentially rendering the browser\u2019s protective measures ineffective.<\/p>\n

The zero-day vulnerability, tracked as CVE-2025-2783, was discovered in mid-March 2025 when Kaspersky\u2019s detection systems identified a wave of infections from previously unknown malware.\u00a0<\/p>\n

In all documented cases, infections occurred immediately after victims clicked on links in phishing emails, with the malicious websites opening in Google Chrome without requiring any additional user interaction.<\/p>\n

\u201cThe vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome\u2019s sandbox protection as if it didn\u2019t even exist,\u201d noted Kaspersky researchers in their analysis.<\/p>\n

Stop attacks before they start, powered by a 97% precise neural Network to Detect Cyber Attacks<\/a><\/strong><\/p>\n

According to Google\u2019s security bulletin<\/a>, technical examination revealed that the exploit leveraged an \u201cincorrect handle provided in unspecified circumstances in Mojo on Windows. \u201d\u00a0<\/p>\n

The vulnerability was classified as \u201cHigh\u201d severity, and Google acknowledged that exploits exist in the wild.<\/p>\n

The summary of the vulnerability is given below:<\/p>\n

\n\n\n\n\n\n\n\n
Risk Factors<\/strong><\/td>\nDetails<\/strong><\/td>\n<\/tr>\n
Affected Products<\/td>\nGoogle Chrome for Windows (versions prior to 134.0.6998.177\/.178)<\/td>\n<\/tr>\n
Impact<\/td>\nRemote code execution and system compromise<\/td>\n<\/tr>\n
Exploit Prerequisites<\/td>\nUser must click on a malicious link, typically delivered via phishing email<\/td>\n<\/tr>\n
CVSS 3.1 Score<\/td>\nHigh Severity<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Operation ForumTroll Campaign<\/strong><\/h2>\n

The attack campaign<\/a>, dubbed \u201cOperation ForumTroll\u201d by Kaspersky, specifically targeted Russian media outlets, educational institutions, and government organizations.\u00a0<\/p>\n

The attackers sent personalized phishing emails disguised as invitations to a scientific and expert forum called \u201cPrimakov Readings\u201d.<\/p>\n

\n
\"\"
Phishing Email<\/figcaption><\/figure>\n<\/div>\n

Each malicious link was personalized and had a short lifespan, making detection challenging. <\/p>\n

However, Kaspersky\u2019s exploit detection technologies successfully identified the zero-day exploit used to escape Chrome\u2019s sandbox.<\/p>\n

Researchers noted that the sophisticated nature of the attack suggests the involvement of a state-sponsored APT (Advanced Persistent Threat)<\/a> group whose primary goal appears to be espionage.<\/p>\n

Upon receiving Kaspersky\u2019s detailed report, Google quickly addressed the issue. On March 25, 2025, Google released Chrome updates 134.0.6998.177 and 134.0.6998.178 for Windows users, including a vulnerability patch.<\/p>\n

The Extended stable channel has also been updated to version 134.0.6998.178 for Windows, with both updates set to roll out over the coming days and weeks.<\/p>\n

In its Stable Channel Update announcement, Google acknowledged Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) for reporting the vulnerability on March 20, 2025.<\/p>\n

Exploitation Chain<\/strong><\/h2>\n

The exploit chain involved two components: the sandbox escape vulnerability, and a remote code execution exploit.<\/p>\n

While Kaspersky was unable to obtain the second exploit, patching the sandbox escape vulnerability effectively blocks the entire attack chain.<\/p>\n

Kaspersky products detect the exploits and malware with verdicts including:<\/p>\n

\n
\"\"<\/figure>\n<\/div>\n

The primary indicator of compromise identified was primakovreadings[.]info.<\/p>\n

Security experts strongly recommend Chrome users update their browsers immediately. <\/p>\n

The update will roll out automatically over the coming days and weeks, but users can manually check for updates by navigating to Chrome\u2019s settings menu, selecting \u201cAbout Chrome,\u201d and installing any available updates.<\/p>\n

Kaspersky advises against clicking on potentially malicious links and plans to publish a detailed technical report on the exploit once the majority of users have installed the updated browser version.<\/p>\n

As this incident demonstrates, even widely used modern browsers with multiple security layers can contain vulnerabilities that sophisticated attackers can exploit. Regular updates and cautious online behavior remain essential defenses against evolving cyber threats.<\/p>\n

Investigate Real-World Malicious Links & Phishing Attacks With\u00a0Threat Intelligence Lookup<\/strong>\u00a0-\u00a0Try for Free<\/a><\/code><\/strong><\/code><\/strong><\/p>\n

The post Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Kaaviya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild Google has released an urgent security update for its Chrome browser after cybersecurity researchers at Kaspersky discovered a zero-day vulnerability being actively exploited by sophisticated threat actors.\u00a0 The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass Chrome\u2019s sandbox protection through a logical error at the […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[768,129,63,163,131,517],"tags":[130],"class_list":["post-2844","post","type-post","status-publish","format-standard","hentry","category-chrome","category-cyber-security","category-cyber-security-news","category-google","category-vulnerability","category-zero-day","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/2844"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=2844"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/2844\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=2844"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=2844"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=2844"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}