Vulnerability in most browsers abused in targeted attacks

Researchers found a vulnerability in Chrome that was abused in the wild against organizations in Russia.

Google has released an update for its Chrome browser which includes patches for this vulnerability.

The update brings the Stable channel to versions 134.0.6998.178 for Windows. Other operatings sytems are not vulnerable.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is restart the browser in order for the update to complete, and for you to be safe from those vulnerabilities.

The vulnerability exists in Windows for all Chromium based browsers, including Edge, Brave, Vivaldi, and Opera. These browsers can all be updated in more or less the same way.

But it doesn’t stop there. After studying the vulnerability, Mozilla concluded that Firefox and the Tor browser are also vulnerable. So, it released updates to patch them.

Technical details

The vulnerability, tracked as CVE-2025-2783 lies in Mojo for Windows. Mojo is a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC).

An incorrect handle provided under certain circumstances allows an attacker to escape the browser sandbox. Which means that due to a logical error on the level where the sandbox and the Windows operating system meet it allows an attacker to execute code on the actual operating system just by getting the target to visit a malicious site. This is something that the sandbox is supposed to prevent.

According to the researchers:

“Without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist.”

The researchers did mention that there has to be an additional vulnerability to allow the attacker to enable remote code execution, which they have been unable to find.

All in all, it seems imperative that you update your browser(s) at your earliest convenience.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.