122/68 Friday, March 28, 2025

Google has addressed the first zero-day vulnerability of the year in Chrome for Windows, which was actively exploited in attacks targeting organizations in Russia. Tracked as CVE-2025-2783, the vulnerability stems from improper handle management in Mojo, the IPC (Inter-Process Communication) system used in Chromium-based browsers. The issue was discovered and reported by researchers at Kaspersky on March 20, 2025.
Google confirmed that the flaw has been exploited in the wild, but has not disclosed details about the attacks or the threat actors involved. The company has released an update to the Chrome Stable Channel, version 134.0.6998.177/.178 for Windows, which is expected to roll out globally over the coming days. Users are strongly urged to update Chrome immediately to reduce the risk of exploitation.
Previously, in October 2024, Google patched another Chrome vulnerability, CVE-2024-10487, an out-of-bounds write flaw in Dawn, the implementation of WebGPU, which was reported by Apple’s SEAR team. At the time, there was no evidence that the vulnerability had been exploited in the wild.
Source: https://securityaffairs.com/175862/hacking/google-fixed-first-chrome-zero-day-in-2025.html