Summary: Google has released urgent fixes for CVE-2025-2783, a high-severity vulnerability in Chrome for Windows that has been actively exploited to target organizations in Russia. The flaw involves an incorrect handle in Mojo; attackers deliver the exploit through phishing emails and use it to bypass browser protections. This marks the first actively exploited Chrome zero-day of the year, with attacks linked to a sophisticated APT campaign called Operation ForumTroll.
Affected: Google Chrome (Windows)
Keypoints:
- CVE-2025-2783 is a critical flaw exploited in the wild, which required immediate fixes from Google.
- The vulnerability was discovered by researchers at Kaspersky and is linked to targeted phishing attacks on Russian organizations.
- Attackers typically lure victims through personalized emails that lead to infection upon clicking a link.
Source: https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html