PT-2025-12837 · Google +2 · Google Chrome +2

Published

2025-01-15

·

Updated

2025-12-09

·

CVE-2025-2783

CVSS v2.0
10
VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 134.0.6998.177.
Description A zero-day vulnerability, tracked as CVE-2025-2783, has been discovered in Google Chrome's Mojo IPC component, allowing remote attackers to escape the browser's sandbox on Windows systems. This flaw was exploited in-the-wild and believed to be part of a sophisticated campaign dubbed "Operation ForumTroll." The vulnerability enables attackers to bypass Chrome's security sandbox and execute code with elevated privileges on a user's device. The attack method effectively combines social engineering tactics with advanced technical exploits, underlining the threat posed by advanced persistent threat groups.
Recommendations
  1. Update Chrome to version 134.0.6998.177 or newer.
  2. Ensure other Chromium-based browsers (like Edge, Brave, Opera) are patched.
  3. Educate users about phishing threats, especially sophisticated event-based lures.
  4. Monitor endpoints for any signs of Trinper-like behavior.
  5. Review browser sandboxing policies and implement application whitelisting where possible.

Exploit

Fix

Race Condition

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2025-7539
ALT-PU-2025-7543
ALT-PU-2025-8547
BDU:2025-03258
CVE-2025-2783
GHSA-F87W-3J5W-V58P
OPENSUSE-SU-2025:0111-1
OPENSUSE-SU-2025:14961-1
OPENSUSE-SU-2025_0111-1

Affected Products

Alt Linux
Google Chrome
Suse