A newly discovered Google Chrome zero day, identified as CVE-2025-2783, is actively being used in targeted attacks against specific organizations.
The vulnerability stems from a type confusion bug in Mojo, an inter-process communication system within Google Chrome, which allows attackers to escape the sandbox and achieve full system compromise.
The zero day exploit has been observed in attacks targeted at organizations in Russia, leading to the deployment of highly sophisticated malware for espionage purposes.
The security fix for this vulnerability is included in the latest version of Google Chrome: version 134.0.6998.177/.178 for Windows.