Published on: April 4, 2025
Google has rushed out an urgent Chrome update for Windows users, patching a serious security vulnerability linked to espionage-related attacks.
“The Stable channel has been updated to 134.0.6998.177/.178 for Windows which will roll out over the coming days/weeks,” the company reported on the Google Chrome Releases blog.
Google says the vulnerability, identified as CVE-2025-2783, stems from an “incorrect handle provided in unspecified circumstances in Mojo on Windows,” though specific technical details remain undisclosed.
In line with its usual policy, Google withheld further details about the attacks, including the methods used, the individuals or groups responsible, and any potential targets. The security hole has been patched in Chrome version 134.0.6998.177/.178 for Windows systems.
“Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild,” the company acknowledged.
According to Boris Larin and Igor Kuznetsov of Kaspersky, the researchers who pointed to the vulnerability, the flaw had been leveraged in what they described as “sophisticated” malware campaigns, likely tied to espionage efforts.
“In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected,” they wrote.
The attack campaign, dubbed Operation ForumTroll, relied on carefully crafted phishing emails, Larin and Kuznetsov explained. These messages posed as official invitations from organizers of the “Primakov Readings,” a well-known scientific and expert forum.
If you use Chrome on Windows and you haven’t updated it, the right time is now. Chrome usually updates itself when you restart it, but if you’ve had it open for a while, do it manually. Click the three dots in the top-right corner, go to Settings > About Chrome, and let it check for updates. When it’s ready, relaunch the browser.