Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google fixed the first actively exploited Chrome zero-day since the start of the year

Google fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia. Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783, in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia. The vulnerability is an incorrect handle […]

Google Chrome Gemini Live

Google fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia.

Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783, in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia.

The vulnerability is an incorrect handle provided in unspecified circumstances in Mojo on Windows. Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) reported the vulnerability on March 20, 2025.

Mojo is Google’s IPC library for Chromium-based browsers, managing sandboxed processes for secure communication. On Windows, it enhances Chrome’s security, but past vulnerabilities have enabled sandbox escapes and privilege escalation.

Google did not share details about the attacks that exploited this vulnerability or the identity of the threat actors behind them.

“Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild.” reads the advisory published by Google. “The Stable channel has been updated to 134.0.6998.177/.178 for Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.”

In October, Google patched another critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024.

The vulnerability is an out-of-bounds write issue that resides in the Dawn implementation.

Dawn is an open-source and cross-platform implementation of the WebGPU standard. More precisely it implements webgpu. h that is a one-to-one mapping with the WebGPU IDL. Dawn is meant to be integrated as part of a larger system and is the underlying implementation of WebGPU in Chromium.

It’s unclear if the vulnerability has been actively exploited in attacks in the wild.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Chrome zero day vulnerability)