Google Chrome’s latest zero-day,CVE-2025-2783, came to light in March 2025 after researchers uncovered a flaw in the Mojo IPC message-passing framework. Carefully crafted messages let attackers vault Chrome’s sandbox and run arbitrary code on the host with virtually no user action. The weakness is being weaponised in Operation ForumTroll, an espionage campaign attributed to the TaxOff threat group—assessed as a subsidiary of APT Team 46—that is zeroing in on government, media, and academic networks.

Targets receive spear-phishing emails posing as event invitations; opening the link in a vulnerable browser implants the Trinper backdoor, handing attackers durable command-and-control. Google addressed the issue in Chrome 134.0.6998.177 for Windows on 25 March 2025.

Read Full Security Advisory: https://www.cyberstash.com/published-advisories/