Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections. The vulnerability was flagged by Kaspersky researchers, who discovered it being exploited by a suspected state-sponsored APT group to target media outlets and educational institutions in Russia. About CVE-2025-2783 Google explains the source of the flaw thus: “Incorrect handle provided in unspecified circumstances in Mojo on Windows.” … More

The post Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) appeared first on Help Net Security.