Google has released an out-of-band fix for CVE-2025-2783, a high-severity Chrome vulnerability actively exploited in the wild. The flaw, linked to incorrect handle usage in Mojo on Windows, allows attackers to bypass Chrome’s sandbox protection. The vulnerability has been patched in Chrome version 134.0.6998.177/.178 for Windows.

Discovered by researchers on March 20, 2025, CVE-2025-2783 marks Chrome’s first known zero-day exploit of the year. The attacks, attributed to Operation ForumTroll, targeted media outlets, educational institutions, and government organizations in Russia.

The attack chain starts with phishing emails disguised as invitations from the Primakov Readings scientific forum. Victims clicking the links unknowingly trigger exploitation within Chrome, requiring no further action to become infected. Researchers believes a state-sponsored APT group is behind the attack.

The vulnerability is suspected to work alongside an additional exploit enabling remote code execution, but researchers has not yet obtained it. Given the sophistication of Operation ForumTroll, organizations are urged to update Chrome immediately to prevent potential compromise.