A new zero-day vulnerability (CVE-2025-2783) in Google Chrome is being actively exploited in the wild. This serious flaw lets attackers bypass Chrome’s sandbox and potentially run malicious code without user interaction.
Researchers indicated “infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser.”
Systems Affected
- Chrome prior to 134.0.6998.177/.178 for Windows
What You Should Do
- Google has released a critical patch (v134.0.6998.177) – update your browser ASAP!
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
- Restrict use of certain websites, block downloads and attachments, block JavaScript, restrict browser extensions, etc.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from untrusted sources. Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources
If you have questions or need assistance, contact a member of the Admiral team.
