Kaspersky researchers Boris Larin and Igor Kuznetsov discovered a high-severity vulnerability in Google Chrome. Tracked as CVE-2025-2783, the vulnerability is being exploited in the wild. This is the first actively exploited Chrome zero-day since the start of the year. Google has not released any technical information about the nature of the attacks. Some reports suggest the vulnerability is used to deploy malware in espionage attacks targeting Russian organizations.
Chrome describes CVE-2025-2783 as an incorrect handle provided in unspecified circumstances in Mojo on Windows. Mojo is a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).
According to the researchers’ blog, the vulnerability can allow attackers to bypass Google Chrome’s sandbox protection as if it didn’t exist. The vulnerability originates from a logical error at the intersection of Google Chrome’s sandbox and the Windows operating system.
CISA added CVE-2025-2783 to its Known Exploited Vulnerabilities Catalog, urging users to patch the flaw before April 17, 2025.
Affected Versions
The vulnerability affects Google Chrome versions before 134.0.6998.177/.178.
Mitigation
Customers must upgrade to the latest stable channel version 134.0.6998.177/.178 for Windows.
For more information, please refer to the Google Chrome Release Page.
Qualys Detection
Qualys customers can scan their devices with QIDs 382974 and 382999 to detect vulnerable assets.
Microsoft has released the Microsoft Edge Stable Channel (Version 134.0.3124.93) to address CVE-2025-2783, which the Chromium team has reported as being exploited in the wild.
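The fixed builds named above can be applied to an asset inventory export to separate patched hosts from unpatched ones. This is an added example, not Qualys, Google or Microsoft code; the record layout, hostnames and function names are assumptions, and it assumes that Edge builds below 134.0.3124.93 are unpatched and that the Windows-only scope applies to Edge as well.

```python
# Fixed builds are taken from the advisory text; everything else is illustrative.
FIXED = {
    "chrome": (134, 0, 6998, 177),  # Chrome stable for Windows (.177/.178)
    "edge": (134, 0, 3124, 93),     # Microsoft Edge stable
}

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, os_name, version):
    """Return 'vulnerable', 'patched', 'not_applicable' or 'unknown'."""
    fixed = FIXED.get(product.lower())
    if fixed is None or os_name.lower() != "windows":
        return "not_applicable"  # advisory scope: Chrome/Edge on Windows
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"         # needs manual review; never assume patched
    # Tuples compare numerically, so .99 is correctly older than .177.
    return "vulnerable" if parsed < fixed else "patched"

def triage(inventory):
    """Map each hostname to the worst status across its browser records."""
    rank = {"not_applicable": 0, "patched": 1, "unknown": 2, "vulnerable": 3}
    result = {}
    for host, product, os_name, version in inventory:
        status = classify(product, os_name, version)
        if rank[status] >= rank[result.get(host, "not_applicable")]:
            result[host] = status
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "chrome", "Windows", "134.0.6998.99"),
    ("ws-01", "edge", "Windows", "134.0.3124.93"),
    ("ws-02", "chrome", "Windows", "134.0.6998.178"),
    ("ws-03", "chrome", "Linux", "134.0.6998.88"),
    ("ws-04", "edge", "Windows", "134.0.3124"),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(host, status)
```

Comparing the version strings as text would rank 134.0.6998.99 above 134.0.6998.177 and report that host as patched, which is why the components are compared as integers.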
Rapid Response with Patch Management (PM)
Qualys Patch Management and its Zero-Touch Patching feature provide a seamless, automated process of patching a vulnerability like this.
Zero-Touch Patching identifies the most vulnerable products in your environment and automates the deployment of necessary patches and configuration adjustments. This streamlines the patching process and ensures vulnerabilities are addressed promptly.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://securelist.com/operation-forumtroll/115989/
https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#march-26-2025