Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections.
The vulnerability was flagged by Kaspersky researchers, who discovered it being exploited by a suspected state-sponsored APT group to target media outlets and educational institutions in Russia.
About CVE-2025-2783
Google explains the source of the flaw thus: “Incorrect handle provided in unspecified circumstances in Mojo on Windows.” (Mojo is Chromium’s inter-process communication framework.)
Researchers Igor Kuznetsov and Boris Larin say that the cause of CVE-2025-2783 was “a logical error at the intersection of Google Chrome’s sandbox and the Windows operating…