Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.
The vulnerability, tracked as CVE-2025-2783, has been described as a case of “incorrect handle provided in unspecified circumstances in Mojo on Windows.” Mojo refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).
As is customary, Google did not reveal additional technical specifics about the nature of the attacks, the identity of the threat actors behind them, and who may have been targeted. The vulnerability has been plugged in Chrome version 134.0.6998.177/.178 for Windows.
“Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild,” the tech giant acknowledged in a terse advisory.
It’s worth noting that CVE-2025-2783 is the first actively exploited Chrome zero-day since the start of the year. Kaspersky researchers Boris Larin and Igor Kuznetsov have been credited with discovering and reporting the shortcoming on March 20, 2025.
The Russian cybersecurity vendor, in its own bulletin, characterized the zero-day exploitation of CVE-2025-2783 as a technically sophisticated targeted attack, indicative of an advanced persistent threat (APT). It’s tracking the activity under the name Operation ForumTroll.
“In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser,” the researchers said. “No further action was required to become infected.”
“The essence of the vulnerability comes down to an error in logic at the intersection of Chrome and the Windows operating system that allows bypassing the browser’s sandbox protection.”
The short-lived links are said to have been personalized to the targets, with espionage being the end goal of the campaign. The malicious emails, Kaspersky said, contained invitations purportedly from the organizers of a legitimate scientific and expert forum, Primakov Readings.
The phishing emails targeted media outlets, educational institutions, and government organizations in Russia. Furthermore, CVE-2025-2783 is designed to be run in conjunction with an additional exploit that facilitates remote code execution. Kaspersky said it was unable to obtain the second exploit.
“All the attack artifacts analyzed so far indicate high sophistication of the attackers, allowing us to confidently conclude that a state-sponsored APT group is behind this attack,” the researchers said.
