CVE‑2025‑2783 – Chrome Zero-Day Exploited by Threat Actor

Dave HallDave Hall
1 min read

CVE‑2025‑2783: Active Chrome Zero‑Day Exploit Threatens Browsers

CVE‑2025‑2783 is a recently patched zero-day in Google Chrome, actively exploited by the threat group TaxOff to deliver the “Trinper” backdoor.

  • CVSS v3.1: 8.3 (High)

  • The exploit targets a sandbox escape, enabling unauthorized access via browser visit :contentReference[oaicite:2]{index=2}.

Why It Matters

  • This is an in-the-wild exploit affecting unpatched Chrome installations.

  • Browser sandbox escapes are rare and high-impact events.

  • The identified threat actor (“TaxOff”) is maintaining a stealthy malware campaign.

  1. Update Chrome Immediately to the latest stable release.

  2. Check for Indicators of Compromise related to “Trinper” in browser activity logs.

  3. Enforce automated Chrome updates across your environment.

Key Takeaway

Browser zero-days still pose significant risk. Active exploitation combined with sandbox bypass means urgent patching is essential—no exceptions.

0
Subscribe to my newsletter

Read articles from Dave Hall directly inside your inbox. Subscribe to the newsletter, and don't miss out.

vulnerabilityVulnerability management#cybersecuritycybersecurity

Written by

Dave Hall
Dave Hall