The National Computer Emergency Response Team (NCERT) has issued an advisory warning users of a newly discovered zero-day vulnerability in Google Chrome, identified as CVE-2025-2783.
The flaw is currently being exploited in Advanced Persistent Threat (APT) campaigns, including one dubbed “Operation ForumTroll.” The vulnerability enables attackers to bypass Chrome’s sandbox protections, potentially compromising systems upon visiting malicious websites. Media outlets, educational institutions, and government organizations have been primary targets.
According to the advisory, exploitation of this vulnerability may lead to remote code execution, unauthorized access to sensitive information, and privilege escalation, allowing attackers prolonged control over compromised systems. Security experts warn that such control may facilitate espionage and large-scale data exfiltration to remote command-and-control servers. Malware installation, lateral movement within networks, and the deployment of further payloads are among the observed consequences.
The attack chain begins with phishing emails disguised as invitations to legitimate events, such as the Primakov Readings forum. Once the victim clicks the link through Chrome, the vulnerability is triggered, downloading and executing malicious code without further user interaction. The exploit stems from a logical flaw between Chrome and the Windows operating system, enabling attackers to bypass browser protections.
Vulnerable systems include all versions of Google Chrome before 134.0.6998.177/.178 for Windows, particularly in environments where users are susceptible to phishing attacks. NCERT strongly recommends immediate updates to the latest browser version released on March 25, 2025. Users are also advised to apply enhanced security configurations, monitor for indicators of compromise, and implement robust endpoint detection and response solutions.
NCERT has emphasized that organizations should isolate compromised systems, conduct forensic analysis, and restore affected devices from secure backups. Strengthening email security, enabling Enhanced Safe Browsing in Chrome, and patching all relevant software are essential steps toward mitigation. Given the severity and ongoing exploitation of the vulnerability, timely action is essential to prevent further intrusions and data loss.
