Security researchers describe the vulnerability as particularly dangerous because it allows attackers to bypass Chrome’s sandbox “as if it didn’t exist,” effectively eliminating a critical browser security layer. The campaign exploits a critical zero-day vulnerability (CVE-2025-2783) in Chrome that bypasses sandbox protections through a logical error at the Chrome-Windows interface, creating a significant security risk for users worldwide. Google responded quickly, patching the vulnerability on March 25 in Chrome versions 134.0.6998.177/.178 following detailed security reports from multiple research teams who identified the attack independently in different target environments. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. They noted the phishing links were carefully personalized for each target and remained active only briefly to evade detection systems and security monitoring, indicating meticulous operational security. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Victims are infected by clicking phishing links disguised as invitations to the “Primakov Readings” forum, requiring no further interaction for the sophisticated malware to deploy on vulnerable systems. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. The exploit chain demonstrates advanced knowledge of browser security architecture and operating system interactions. K7 Security Labs researchers identified this as a sophisticated state-sponsored APT operation focused on espionage activities. The advanced two-stage attack first exploits CVE-2025-2783 to escape Chrome’s sandbox, then deploys a second exploit enabling remote code execution with system-level privileges.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 26 Mar 2025 14:25:13 +0000