Sajid Shoaib
People are being alerted by the National Computer Emergency Response Team (NCERT) about a recently found zero-day vulnerability in Google Chrome, known as CVE-2025-2783.
At the moment, Advanced Persistent Threat (APT) operations, such as “Operation ForumTroll,” are taking advantage of the vulnerability. By using the vulnerability, attackers may get beyond Chrome’s sandbox safeguards and perhaps compromise systems when they visit malicious websites. The main targets have been the government departments, colleges and universities, and media organizations.
The alert states that exploiting this issue might provide attackers extended control over computers that are susceptible by enabling execution of code remotely, unauthorized access to private data, and privilege escalation. Such control, according to security experts, might make it easier for eavesdropping and large-scale data leakage to distant command-and-control systems. The reported effects include the deployment of additional devices, lateral migration throughout networks, and malware installation.
Read More: NCERT Warns of Fake CAPTCHA, PDF Attacks on Sensitive Data
Phishing emails masquerading as invites to reputable events, like the Primakov Readings forum, start the attack chain. Without any additional user activity, the vulnerability is activated when the victim opens the link in Chrome, downloading and running malicious malware. Attackers may get beyond browser security measures thanks to the hack, which is based on a logical error between Chrome and Windows.
All Google Chrome version prior than 134.0.6998.177/.178 for Windows are considered vulnerable systems, especially in settings where users are vulnerable to phishing attempts. NCERT highly advises updating to the most recent browser version, which was made available on March 25, 2025, right away. Additionally, users are encouraged to use powerful endpoint detection and response systems, monitor for signs of compromise, and apply increased security configurations.
Organizations should isolate hacked systems, do out forensic investigation, and restore impacted devices from secure backups, according to NCERT’s emphasis. Important mitigating measures include repairing any pertinent software, activating Enhanced Safe Browsing in Chrome, and fortifying email security. Given the vulnerability’s seriousness and continued exploitation, prompt action is necessary to stop more incursions and data loss.
