Chrome Zero Day CVE-2025-2783 Used in Targeted Attacks

UPDATE—Google has patched a serious vulnerability in Chrome that researchers say has been used in active targeted attacks against victims in Russia. The flaw (CVE-2025-2783) has been exploited in a phishing campaign that directs victims to a malicious website that hosts a pair of exploits.
On Thursday, Mozilla also released a fix for a related vulnerability in Firefox, which is based on the Chromium codebase.
“Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape,” Mozilla said in its advisory.
Researchers at Kaspersky discovered the vulnerability earlier this month after seeing a series of infections by a previously unknown piece of malware. They attribute the attacks to a state-backed actor, but did not identify any specific group. The researchers also are keeping the technical details of the bug private until the majority of Chrome users have updated to the fixed version.
The exploit that the Kaspersky researchers identified allowed the attackers to escape the Chrome sandbox and eventually gain remote code execution. The phishing campaign, which they named Operation ForumTroll, used an invitation to an academic forum as a lure and included personalized links for each victim.
“The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist. The cause of this was a logical error at the intersection of Google Chrome’s sandbox and the Windows operating system,” the researchers said.
“The exploit we discovered was designed to run in conjunction with an additional exploit that enables remote code execution. Unfortunately, we were unable to obtain this second exploit, as in this particular case it would have required waiting for a new wave of attacks and exposing users to the risk of infection. Fortunately, patching the vulnerability used to escape the sandbox effectively blocks the entire attack chain.”
Google released a fix for the vulnerability on Tuesday.
The exploit chain that the Kaspersky researchers discovered affected Windows machines specifically.
This story was updated on March 28 to include the Mozilla patch information.