Google published an update for the Chrome web browser on Wednesday night. It closes a zero-day vulnerability that attackers are already exploiting in the wild. Anyone who uses Chrome should promptly check whether the patched version is already installed and active.
In the release announcement, Google's developers write that, under unspecified circumstances, an incorrect handle is provided in the Mojo component, which supplies functions for inter-process communication, in Chrome on Windows (CVE-2025-2783, no CVSS score, risk rated "high" by Google). A handle provides access to resources, but in this case to the wrong one, which attackers can abuse. They are already doing so, as Google also notes in the release announcement: "Google is aware that an exploit for CVE-2025-2783 exists on the net".
Abused zero-day vulnerability discovered by Kaspersky
IT researchers from Kaspersky discovered the attacked zero-day vulnerability. In a blog post, they describe the observed attacks under the name "Operation Forumtroll". According to the post, the attack begins with a phishing email that invites the recipient to an event of the International Economic and Political Science Forum and links to a program and a registration form. However, in the Chrome web browser on Windows, both links lead to a malware infection without any further interaction by the victim.
Kaspersky does not yet want to disclose details of the vulnerability, but describes the flaw as a logic error between Chrome and the Windows operating system that allows Chrome's sandbox protection to be bypassed. The observed attacks were directed in particular against Russian media representatives, employees of educational institutions, and government organizations. Kaspersky assumes that the attackers want to spy on the victims. The links from the phishing emails are no longer active, but attackers can use the exploit elsewhere at any time.
The current patched versions are Chrome 134.0.6998.177/.178 for Windows. The Extended Stable version is current at 134.0.6998.178 on Windows.
Version check
The version dialog shows whether Chrome is already up to date. It opens via the browser menu, which is behind the three stacked dots to the right of the address bar. From there, go to "Help" and then "About Google Chrome". If the update has not yet been installed, the dialog offers the update and then the browser restart required to activate the new software.
On Linux, the distribution's package management usually handles the update, but since the vulnerability occurs on Windows, an update is not urgent here. Other Chromium-based web browsers such as Microsoft Edge will provide an update shortly, which users should also apply promptly.
Exactly a week ago, Google had already released an important update for the Chrome browser. It closed a security vulnerability classified as a critical risk.
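For administrators who need the same check across many machines rather than one dialog at a time, the following added example (not part of the original article) triages a browser inventory against the fixed builds named above. The CSV layout, hostnames, status labels and sample versions are constructed assumptions.

```python
import csv
import io

# Builds the article names per channel for Chrome on Windows.
FIXED = {"stable": (134, 0, 6998, 177), "extended": (134, 0, 6998, 178)}

# Constructed sample inventory; hosts, columns and versions are illustrative only.
SAMPLE = """host,os,browser,channel,version
ws-01,windows,chrome,stable,134.0.6998.118
ws-02,windows,chrome,stable,134.0.6998.178
ws-03,windows,chrome,extended,134.0.6998.177
ws-04,linux,chrome,stable,134.0.6998.117
ws-05,windows,edge,stable,134.0.0.1
ws-06,windows,chrome,stable,not-a-version
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a dotted build number."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(row):
    os_name, browser = row["os"].lower(), row["browser"].lower()
    if os_name != "windows":
        return "not-urgent"            # the flaw occurs in Chrome on Windows
    if browser != "chrome":
        return "await-vendor-update"   # article names no fixed build for other Chromium browsers
    version = parse_version(row["version"])
    fixed = FIXED.get(row["channel"].lower())
    if version is None or fixed is None:
        return "check-manually"        # unparseable data must not count as patched
    # Compare numerically per component; string comparison would misorder builds.
    return "patched" if version >= fixed else "update-now"

def triage(csv_text):
    return {r["host"]: classify(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A host reported as patched still needs the browser restart mentioned above before the new build is actually running.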