Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Google Chrome sandbox escape zero-day (CVE-2025-2783)

Vulnerability
First reported
Last updated
Happening score
H score 38
3 unique sources, 3 articles

Summary

Hide ▲

CVE-2025-2783 in Google Chrome was confirmed as a sandbox-escape zero-day used to deliver malware, creating active exploitation risk for Chromium users. The flaw enabled browser process shellcode execution from a malicious link, and Chrome later shipped a fix. The vulnerability matters because a single link could trigger compromise on affected systems before remediation.

Related Happenings

QuickLens and ShotBird malicious Chrome extension update chain

Malware Activity
First: 09.03.2026 12:28 Last: 09.03.2026 12:28 Sources 1

About this happening: The **QuickLens** and **ShotBird** Chrome extensions have become **malicious after ownership transfer**, turning trusted add-ons into a delivery path for code injection and data t...

Open Happening

QuickLens - Search Screen with Google Lens hit by network compromise

Incident
First: 28.02.2026 21:18 Last: 28.02.2026 21:18 Sources 1

About this happening: The **QuickLens - Search Screen with Google Lens** Chrome extension was **compromised** and used to **push malware** to about **7,000 users**, creating risk of **credential theft*...

Open Happening

Chrome undisclosed high-severity 466192044 active exploitation security flaw

Vulnerability
First: 11.12.2025 09:09 Last: 11.12.2025 09:09 Sources 1

About this happening: **Chrome** has an undisclosed **high-severity flaw** tracked as **Chromium issue tracker ID 466192044** that is **actively exploited in the wild**, putting browser users at immedi...

Open Happening

AI browsers indirect prompt injection via URL fragments HashJack security flaw

Vulnerability
First: 26.11.2025 12:15 Last: 26.11.2025 12:15 Sources 1

About this happening: **HashJack** is an **indirect prompt injection** vulnerability in **AI browsers** that hides attacker instructions after the **# symbol** in legitimate URLs, letting a normal-look...

Open Happening

Google Chrome V8 type confusion actively exploited security flaw (CVE-2025-13223)

Vulnerability
First: 18.11.2025 06:44 Last: 18.11.2025 06:44 Sources 1

About this happening: **Google** released **Chrome** security updates for **CVE-2025-13223**, a **V8** type confusion flaw that was **actively exploited in the wild** and could lead to **arbitrary code...

Open Happening

Timeline

  2. 27.10.2025 22:02 1 articles · 7mo ago

    Google Chrome sandbox escape (CVE-2025-2783)

    Initial Disclosure

    In early **2025**, a **Chrome** zero-day was identified in a sandbox escape chain and reported to Google. Google then patched **CVE-2025-2783** after the flaw was tied to real-world spyware delivery.

    Show sources
    Open in new tab
  3. 27.10.2025 18:37 1 articles · 7mo ago

    Chrome patches CVE-2025-2783

    Mitigation Patch Update

    Google Chrome fixed CVE-2025-2783 in version 134.0.6998.178 on March 26, closing a sandbox escape that had enabled shellcode execution in the victim’s browser process and installation of a persistent loader.

    Show sources
    Open in new tab
  4. 27.10.2025 18:37 2 articles · 7mo ago

    Kaspersky reports Chrome zero-day abuse in Operation ForumTroll

    Initial Disclosure

    Kaspersky disclosed that Operation ForumTroll targeted Russian organizations with personalized Primakov Readings invitations carrying a malicious link, and that loading the link in a Chromium-based browser was enough to compromise a system through CVE-2025-2783. The same analysis linked the attack chain to LeetAgent and, in some cases, Dante, with high-confidence attribution of the spyware to Memento Labs.

    Show sources
    Open in new tab