Chrome Sandbox Zero-day Vulnerability
March 26, 2025
Issue
CVE-2025-2783 is a high-severity zero-day vulnerability in Google Chrome that allows attackers to bypass the browser’s sandbox protection through a logical error at the intersection of Chrome’s security framework and the Windows operating system. This vulnerability enables remote code execution and system compromise.
Who It Affects
The vulnerability primarily affects users of Google Chrome for Windows, specifically versions prior to 134.0.6998.177/.178[3]. The attacks have targeted Russian media outlets, educational institutions, and government organizations[1][2].
Remediation
Google has released emergency updates for Chrome (versions 134.0.6998.177 and 134.0.6998.178) to address this vulnerability[4][3]. Users are advised to update their Chrome browser immediately and restart it to ensure the fix is applied[4].
References
[1] Google fixes Chrome zero-day exploited in espionage campaign
[2] Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
[3] Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild
[4] Google Confirms Chrome Attack Warning—What You Do Now – Forbes
[5] Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky