Islamabad, Apr 15, 2025: A major security warning has been issued by the National Computer Emergency Response Team (NCERT) regarding a serious zero-day flaw found in Google Chrome, listed under CVE-2025-2783.
This critical weakness is currently being weaponized in targeted cyberattacks, including one named “Operation ForumTroll.”
Cybercriminals are actively using this vulnerability to bypass Chrome’s built-in security defenses.
By simply visiting a compromised or malicious website, users could unknowingly allow attackers access to their systems.
Cyber attackers have especially targeted institutions in the education sector, government bodies, and media organizations.
Security specialists have outlined that this flaw can lead to remote code execution, theft of confidential data, and escalation of user privileges—allowing hackers extended control over the infected systems.
Read More: OpenAI Launches GPT-4.1: Better & More Affordable
Such access can open the door to espionage, massive data breaches, and persistent backdoor installations through remote command-and-control centers.
The attackers can also move laterally across networks and deploy additional harmful software.
The intrusion begins with well-crafted phishing emails that appear to be legitimate, often mimicking real event invitations such as the “Primakov Readings.”
When unsuspecting users click on these links using Chrome, the system activates the vulnerability, allowing malicious code to run automatically without further input.
This exploit arises due to a security loophole in how Chrome interacts with Windows.
All Chrome versions before 134.0.6998.177/.178 for Windows are at risk, especially in environments where phishing attempts are common.
NCERT strongly advises users to immediately update to the latest version, released on March 25, 2025, to secure their systems.
To minimize exposure, users and IT teams should also enforce strong browser security settings, monitor networks for unusual activity, and deploy reliable endpoint detection systems.
For compromised systems, isolating affected devices, performing in-depth forensic checks, and restoring from clean backups are critical steps.
You should also prioritize enhancing email filtering tools, turning on Chrome’s Enhanced Safe Browsing, and patching all associated software.
Given the severity of this active threat, quick action is crucial. Delays in addressing this vulnerability may lead to severe data losses and prolonged system breaches.
