Google has issued an emergency update for its Chrome browser on Windows to patch a high-severity vulnerability, identified as CVE-2025-2783, which has been actively exploited in targeted attacks against organizations in Russia. This flaw involves an “incorrect handle provided in unspecified circumstances in Mojo on Windows,” referring to a collection of runtime libraries that facilitate inter-process communication (IPC).
The vulnerability was discovered and reported by Kaspersky researchers Boris Larin and Igor Kuznetsov on March 20, 2025. Kaspersky has labeled the exploitation of CVE-2025-2783 as a technically sophisticated targeted attack, indicative of an advanced persistent threat (APT), and is tracking the activity under the name Operation ForumTroll.
In these attacks, victims were infected immediately after clicking on a link in a phishing email, which opened a malicious website using the Google Chrome browser. No further action was required for the infection to occur. The phishing emails targeted media outlets, educational institutions, and government organizations in Russia, containing invitations purportedly from the organizers of a legitimate scientific and expert forum, Primakov Readings.
The essence of the vulnerability lies in a logic error at the intersection of Chrome and the Windows operating system, allowing attackers to bypass the browser’s sandbox protection. CVE-2025-2783 is designed to be run in conjunction with an additional exploit that facilitates remote code execution; however, Kaspersky was unable to obtain the second exploit.
All analyzed attack artifacts indicate a high level of sophistication, leading researchers to conclude that a state-sponsored APT group is behind this attack.
In response, Google has released Chrome version 134.0.6998.177/.178 for Windows to address this vulnerability. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as they become available.
