Google fixes Chrome zero-day exploited in espionage campaign

​Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations. "Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild," the company said in a security advisory published Tuesday. Tracked as CVE-2025-2783, this vulnerability was discovered by Kaspersky's Boris Larin and Igor Kuznetsov, who described it as an "incorrect handle provided in unspecified circumstances in Mojo on Windows." Google fixed the zero-day for users in the Stable Desktop channel, with patched versions rolling out worldwide to Windows (134.0.6998.178) users. Although the company says the security update will roll out over days and weeks, it was immediately available when BleepingComputer checked for updates. Users who prefer not to update Chrome manually can let the browser automatically check for new updates and install them after the next launch. ​While it tagged CVE-2025 ... Read full article.