NCERT Warns of CVE-2025-2783 Chrome Vulnerability Exploited in Targeted Cyberattacks

ISLAMABAD: The National Computer Emergency Response Team (NCERT) has issued a critical advisory regarding the CVE-2025-2783 Chrome vulnerability, warning users of active exploitation by advanced persistent threat (APT) groups. The zero-day flaw reportedly bypasses Chrome’s security protections, posing serious risks to organizations and individuals alike.
The newly identified CVE-2025-2783 Chrome vulnerability is currently being leveraged in targeted attacks, including a campaign known as “Operation ForumTroll.” This security flaw allows threat actors to escape Chrome’s sandbox environment and compromise systems merely by luring users to malicious websites.
According to NCERT, this vulnerability could lead to remote code execution, unauthorized access to private data, and elevated privileges that enable prolonged attacker presence. Sectors under attack reportedly include media outlets, educational institutions, and government agencies. Experts caution that compromised systems are at risk of espionage, extensive data theft, and malware deployment.
Attackers are using phishing emails disguised as invitations to credible events like the Primakov Readings to lure victims. Clicking the embedded link via Chrome triggers the flaw, which silently downloads and executes harmful code. The root cause is a logic gap between the Chrome browser and the Windows OS, effectively circumventing standard browser defenses.
All Chrome versions earlier than 134.0.6998.177/.178 for Windows are vulnerable. NCERT advises users to upgrade to the latest stable release, rolled out on March 25, 2025, as an immediate countermeasure. Additional recommendations include strengthening browser security settings, deploying endpoint detection tools, and monitoring systems for signs of compromise.
Organizations are urged to isolate any affected systems, carry out forensic investigations, and restore devices from clean backups. Measures such as enabling Enhanced Safe Browsing in Chrome, bolstering email filtering, and maintaining updated software across the board are also encouraged to mitigate ongoing risks.
Given the active exploitation of the CVE-2025-2783 Chrome vulnerability, NCERT stresses that timely patching and rigorous cybersecurity practices are vital to preventing widespread intrusions and protecting sensitive data.