Hackers Exploiting Chrome Zero‑Day Vulnerability in the Wild
A newly discovered zero-day vulnerability in Google Chrome, tracked as CVE-2025-2783, is being actively exploited by hackers in sophisticated cyber-espionage campaigns.
Security researchers have observed targeted attacks leveraging this flaw, with Positive Technologies attributing the activity to the advanced persistent threat (APT) group Team46, also known as TaxOff.
The Attack Campaign
The first signs of this campaign emerged in March 2025, when the Threat Intelligence Department of the Positive Technologies Expert Security Center (PT ESC) identified a phishing operation targeting Russian organizations.
The attackers sent emails disguised as invitations to high-profile events, such as the Primakov Readings forum. Unsuspecting recipients who clicked the embedded links were redirected to malicious websites hosting the exploit.
Once the victim landed on the site, the exploit for CVE-2025-2783 fired, escaping the Chrome sandbox and silently installing the Trinper backdoor. Beyond the initial click on the phishing link, the chain required no further user interaction, which made it especially dangerous.
Further analysis revealed that similar phishing campaigns had been ongoing since at least October 2024, using decoy invitations to international conferences and spoofed communications from major Russian digital service providers.

The attackers demonstrated a high level of sophistication, using multi-layered loaders, custom encryption, and advanced evasion techniques to ensure persistence and avoid detection.
CVE-2025-2783: Technical Details
CVE-2025-2783 is a high-severity vulnerability in the Mojo component of Google Chrome on Windows. Mojo is Chromium's runtime library for inter-process communication (IPC) between the browser process and its sandboxed child processes.
The flaw arises from an incorrect handle being provided in unspecified circumstances, which allows a remote attacker to escape Chrome's sandbox via a malicious file or website.
This vulnerability is particularly dangerous because the sandbox is one of Chrome's core security boundaries: escaping it lets attacker-controlled code run outside the restricted renderer, potentially leading to arbitrary code execution on the victim's machine.
| Field | Value |
| --- | --- |
| CVE ID | CVE-2025-2783 |
| Severity | High |
| Affected Software | Google Chrome (Windows) prior to 134.0.6998.177/.178 |
Google responded swiftly to reports from Kaspersky and other researchers, releasing a patch for the vulnerability in Chrome version 134.0.6998.177/.178 for Windows users.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-2783 to its Known Exploited Vulnerabilities Catalog, urging immediate updates.
Security experts recommend that all users and organizations ensure Chrome is updated to the latest version and enable automatic updates.
Additionally, deploying robust endpoint protection with exploit detection capabilities is advised to mitigate the risk of future zero-day attacks.
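The simplest concrete check that follows from the advisory is to compare each Windows Chrome install against the first fixed build. The script below is an added example written for this article, not code from Google, Kaspersky or Positive Technologies; it assumes an inventory export of hostname, platform and Chrome version (the hostnames and versions here are constructed sample data), and treats only Windows builds below 134.0.6998.177 as exposed, since the vulnerability is Windows-specific and .178 also carries the fix.

```python
"""Flag Chrome installs that are still below the build that fixed CVE-2025-2783."""

# First Windows build shipping the fix (134.0.6998.178 is a later build with the same fix).
FIXED_BUILD = (134, 0, 6998, 177)


def parse_version(version: str) -> tuple[int, ...]:
    """Convert Chrome's dotted MAJOR.MINOR.BUILD.PATCH string into a comparable tuple.

    Tuple comparison is used instead of string comparison so that, for example,
    134.0.6998.99 correctly sorts below 134.0.6998.177.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, platform: str) -> bool:
    """Return True if this install is exposed to CVE-2025-2783.

    The bug is in Mojo on Windows only, so non-Windows installs are never
    flagged regardless of version.
    """
    if platform.strip().lower() != "windows":
        return False
    return parse_version(version) < FIXED_BUILD


# Constructed sample inventory (hypothetical hosts; not real telemetry).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "134.0.6998.165"),   # below fixed build -> vulnerable
    ("ws-002", "windows", "134.0.6998.177"),   # first fixed build -> patched
    ("ws-003", "windows", "133.0.6943.142"),   # older branch -> vulnerable
    ("ws-004", "windows", "134.0.6998.178"),   # later fixed build -> patched
    ("nb-005", "macos", "134.0.6998.165"),     # not Windows -> not affected
    ("nb-006", "linux", "133.0.6943.99"),      # not Windows -> not affected
]


def find_vulnerable(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return the hostnames whose Chrome install still needs the CVE-2025-2783 update."""
    return [host for host, platform, version in inventory if is_vulnerable(version, platform)]


if __name__ == "__main__":
    for host in find_vulnerable(SAMPLE_INVENTORY):
        print(f"{host}: Chrome below {'.'.join(map(str, FIXED_BUILD))}, update required")
```

On a real fleet the version column would come from your endpoint management tool or from the Chrome executable's file version on each host; the comparison logic is the same.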

The exploitation of CVE-2025-2783 highlights the persistent threat posed by APT groups leveraging browser zero-days.
The Team46/TaxOff campaign demonstrates the effectiveness of phishing, advanced malware delivery, and rapid exploitation of unpatched systems.
Organizations must remain vigilant, prioritize timely patching, and invest in layered security to defend against such evolving threats.