Google has released an emergency Chrome update after discovering a zero-day exploit being actively used in the wild.
By Aniket Chakraborty
Apr 2, 2025
Security firm Kaspersky identified the vulnerability, warning of "highly sophisticated malware" that infects users immediately upon clicking an email link.
America's cyber defense agency CISA has mandated federal employees update Chrome by April 17 or stop using it entirely.
The stable desktop version for Windows should be updated to 134.0.6998.177/.178 to patch the vulnerability known as CVE-2025-2783.
Mozilla has also discovered a similar vulnerability affecting Firefox, but only on Windows systems.
Kaspersky described this exploit as "one of the most interesting" they've encountered, as it bypasses Chrome's sandbox protection effortlessly.
Users must restart their browser after downloading the update to properly install the security fix.
The attack is believed to be the work of a "state-sponsored APT group," according to Kaspersky's analysis.
Though current attacks appear highly targeted, security experts warn the exploit will likely spread to less sophisticated attackers now that it's been identified.
The vulnerability is chained with another unidentified exploit that hasn't yet been fixed, making the Chrome update critical for protection.