A critical zero-day vulnerability in Google Chrome, identified as CVE-2025-2783, has been actively exploited in the wild, prompting urgent action from security teams worldwide. The flaw, which carries a CVSS score of 8.3, allows remote attackers to escape the browser's sandbox environment on Windows systems by leveraging an incorrect handle in the Mojo component. This vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) catalog on March 27, 2025, just a day after its public disclosure, underscoring its severity and the speed at which it was weaponized.
The exploitation of CVE-2025-2783 has been linked to multiple threat actors, including the notorious TaxOff group, which has used the flaw to deploy the Trinper backdoor. This backdoor facilitates unauthorized access and control over compromised systems, posing significant risks to affected organizations. Additionally, the Italian spyware vendor Memento Labs has been reported to exploit this vulnerability in targeted attacks against entities in Russia and Belarus, as part of an operation dubbed "ForumTroll."
The rapid exploitation of this vulnerability, with a time-to-exploit in the wild of just 0.3 days post-disclosure, highlights the critical need for immediate patching. Google has addressed the issue in Chrome version 134.0.6998.177, and users are strongly advised to update their browsers to mitigate the risk of compromise.
Proof-of-concept (PoC) exploits for CVE-2025-2783 have been circulating, with at least four distinct PoCs available, further increasing the likelihood of widespread exploitation. The vulnerability's Exploit Prediction Scoring System (EPSS) score of 0.441 indicates a moderate likelihood of exploitation, but the active use by sophisticated actors suggests a higher real-world threat.
Security teams should prioritize the deployment of the latest Chrome update and monitor for any signs of compromise, particularly in environments where sensitive data is handled. Given the involvement of advanced persistent threat (APT) actors and commercial spyware vendors, organizations in geopolitical hotspots or those handling high-value information should exercise heightened vigilance.
The exploitation of CVE-2025-2783 serves as a stark reminder of the persistent threats posed by zero-day vulnerabilities and the importance of maintaining robust patch management practices. As attackers continue to exploit such flaws with increasing speed and sophistication, staying ahead of the threat landscape requires proactive measures and continuous monitoring.
CSURFACE