
Critical Chrome Zero-Day CVE-2025-2783 (CVSS 8.3) — AyeTech Patched All Managed Systems Within 24 Hours

Published: 26 March 2025 | Reading time: 8 minutes | Author: AyeTech Cyber Security Team

⚠️ CRITICAL: Zero-Day Sandbox Escape Under Active Exploitation

If you are running Google Chrome version 133 or earlier, you need to update to Chrome 134.0.6998.177 or later immediately. This is an actively exploited zero-day vulnerability. Stop reading and update Chrome right now, then come back.

Key Takeaways

  • CVE-2025-2783 is high severity: a CVSS 8.3 sandbox escape vulnerability in Chrome, discovered March 20, 2025, and actively exploited in the wild
  • Attackers can execute arbitrary code: This zero-day bypasses Chrome's sandbox protection, allowing attackers to run code with system-level permissions
  • Targeted attacks underway: Kaspersky discovered the exploit being used in Operation ForumTroll, a state-sponsored campaign targeting media, government, and educational institutions
  • AyeTech's response: We identified the vulnerability via security feeds, tested the patch in our lab environment, and deployed Chrome 134+ across all 350+ managed systems within 24 hours
  • Why this matters: This is exactly why managed IT services exist—rapid detection, testing, and coordinated deployment of critical security patches

What Is CVE-2025-2783?

On March 20, 2025, security researchers Boris Larin and Igor Kuznetsov from Kaspersky discovered a critical zero-day vulnerability in Google Chrome. The flaw is a sandbox escape vulnerability in Mojo, Chrome's inter-process communication framework. It allows attackers to break out of the browser's security sandbox and execute arbitrary code with system-level permissions.

The vulnerability is currently under active exploitation in targeted attacks by an advanced threat group. Google released an emergency patch in Chrome version 134.0.6998.177 on March 25, 2025—just five days after discovery.

  • CVSS severity score: 8.3 (High)
  • Discovery date: March 20, 2025
  • Last affected version: 133
  • Patched version required: 134.0.6998.177+

This vulnerability is part of a multi-stage exploit chain. Attackers first use a remote code execution exploit (not yet publicly disclosed) to deliver the Chrome sandbox escape payload. Once on the system, the CVE-2025-2783 exploit breaks out of the browser sandbox and establishes system-level code execution. Kaspersky researchers identified a custom spyware trojan called "Dante" as the final payload, designed for surveillance and data exfiltration.

Why CVSS 8.3 Is High Severity

The CVSS (Common Vulnerability Scoring System) scale goes from 0 to 10. A score of 8.3 is classified as "High" and indicates:

  • Network accessible: The vulnerability can be exploited remotely over the network—just by visiting a malicious webpage
  • High attack complexity: The attacker must craft a sophisticated multi-stage exploit, but once developed, it can be used reliably
  • User interaction required: The victim must click a malicious link or visit a compromised website
  • Privilege escalation: Successful exploitation allows the attacker to break out of the Chrome sandbox and gain system-level code execution
  • High impact: An attacker gains complete control over the system where Chrome is running

Translation: this is one of the most dangerous types of vulnerability for end-user systems. A single click on a malicious link can compromise your entire computer.

Which Chrome Versions Are Affected

Check Your Chrome Version Now

If you are running Chrome version 133 or earlier, your system is vulnerable to active exploitation and needs an emergency update.

  • Chrome 133 and earlier — VULNERABLE
  • Chrome 134.0.6998.177 or later — PATCHED ✓
  • All operating systems affected: Windows, macOS, Linux

How to Check Your Chrome Version

  1. Open Google Chrome
  2. Click the menu button (three vertical dots) in the top right corner
  3. Select "About Google Chrome"
  4. Your current version is displayed at the top. If it shows 133 or earlier, you are vulnerable
  5. Chrome will automatically check for updates — wait for the update to complete and restart the browser
  6. After restart, return to "About Google Chrome" and verify you are now running version 134.0.6998.177 or later

Chrome automatically checks for updates every few hours, but you can force an immediate update by going to "About Google Chrome" — it will prompt you if an update is available.

What an Attacker Can Do If They Exploit This Vulnerability

This zero-day is particularly dangerous because it combines two attack vectors: a remote code execution exploit plus a sandbox escape. Together, they give attackers complete system access.

Complete System Compromise

An attacker who successfully exploits CVE-2025-2783 can:

  • Install malware, ransomware, or spyware on your system
  • Steal sensitive files, passwords, and credentials from your computer
  • Access all data in browser storage, including saved passwords and authentication tokens
  • Create backdoor access for persistent remote access
  • Monitor all keyboard input (keylogging) and capture screenshots
  • Access your webcam and microphone
  • Encrypt your files for ransomware attacks
  • Use your computer as part of a botnet for further attacks

Kaspersky's research shows the real-world exploit is being used to deploy "Dante," a sophisticated spyware trojan with capabilities for surveillance, data exfiltration, and remote command execution. The attacks are highly targeted and focus on media outlets, educational institutions, and government organizations.

For a business, a compromised employee workstation means attackers have a foothold inside your network, potentially leading to lateral movement, server compromise, and a complete data breach.

How AyeTech Responded — Why Managed IT Saves You

24-Hour Emergency Response

AyeTech manages 350+ systems across Australian businesses. When CVE-2025-2783 was discovered on March 20 and patched on March 25, here is what happened:

  1. CVE Detection: AyeTech's security team monitors Kaspersky research feeds, Google security advisories, and CISA vulnerability databases 24/7. The zero-day was flagged immediately upon publication.
  2. RMM Inventory Check: We used our Remote Monitoring and Management (RMM) platform to query all 350+ managed systems and identify which devices were running vulnerable Chrome versions. The scan completed within 30 minutes, giving us a complete view of exposure across our client base.
  3. Severity Assessment: We evaluated the risk — CVSS 8.3, actively exploited, multi-stage attack chain, state-sponsored attribution. Verdict: emergency patch situation requiring deployment outside our normal maintenance windows.
  4. Lab Testing: Before deploying to production systems, we tested Chrome 134.0.6998.177 in our lab environment across Windows 10, Windows 11, and macOS systems. We verified the patch resolves the vulnerability, confirmed all extensions and plugins remain compatible, and tested performance impact. We also ran antivirus scans to confirm no adverse interactions.
  5. Coordinated Deployment: Once verified safe, we deployed the Chrome update across all 350+ managed systems using our RMM platform. We prioritized critical business systems first, then standard workstations. The deployment was coordinated during business hours to minimize disruption while ensuring rapid patching.
  6. Post-Deployment Verification: After deployment, we re-scanned all systems using our RMM to verify that Chrome had updated to version 134.0.6998.177 or later and that no systems were missed. We also ran full antivirus scans on all systems to check for signs of pre-existing exploitation.

Result: All 350+ AyeTech-managed systems were patched, verified, and secured within 24 hours of the patch release.
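
The inventory check and post-deployment verification in steps 2 and 6 come down to comparing each reported Chrome version against 134.0.6998.177. The sketch below is an added example, not AyeTech's tooling or any RMM product's API: the hostnames and sample versions are constructed, and it assumes the inventory arrives as a hostname-to-version-string map. It flags every build below the patched version for update and keeps hosts that reported nothing on a separate list.

```python
import re

# Patched build named on this page; anything lower needs the update.
PATCHED = (134, 0, 6998, 177)

# Matches a four-part Chrome version anywhere in a string, e.g. the
# "Google Chrome 134.0.6998.177" line printed by `google-chrome --version`.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(raw):
    """Return the version as a tuple of ints, or None if none is found."""
    match = VERSION_RE.search(raw or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(raw):
    """Classify one reported version as PATCHED, NEEDS_UPDATE or UNKNOWN."""
    version = parse_version(raw)
    if version is None:
        # No usable data is not evidence of a patch: keep it on the list.
        return "UNKNOWN"
    # Tuple comparison is numeric per component. Comparing the strings
    # would rank "134.0.6998.95" above "134.0.6998.177" and miss it.
    return "PATCHED" if version >= PATCHED else "NEEDS_UPDATE"


def triage(inventory):
    """Group hostnames by status from a {hostname: reported_version} map."""
    report = {"PATCHED": [], "NEEDS_UPDATE": [], "UNKNOWN": []}
    for host, raw in sorted(inventory.items()):
        report[classify(raw)].append(host)
    return report


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "syd-ws-01": "Google Chrome 134.0.6998.177",
    "syd-ws-02": "133.0.6943.142",
    "mel-ws-07": "134.0.6998.95",      # 134, but below the patched build
    "bne-mac-03": "Google Chrome 135.0.7049.42 ",
    "per-ws-11": "",                   # agent returned nothing
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:<13} {', '.join(hosts) or '-'}")
```

Hosts in the UNKNOWN group need a manual check before the fleet can be called fully patched.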

Why This Matters for Your Business

If you are managing Chrome deployments yourself:

  • You may not know this zero-day exists
  • You may not have automated tools to check which systems have vulnerable Chrome versions
  • You may not have a lab environment to test patches before deploying to production
  • You may not have a process for deploying updates across dozens or hundreds of systems in a coordinated, verified way
  • You may be running vulnerable systems right now without knowing it
  • Your systems may already be compromised before you find out about the vulnerability

This is the fundamental reason managed IT services exist. We handle the continuous monitoring, rapid response, coordinated testing, and deployment at scale so you can focus on your business.

What You Should Do Right Now

  • Update Chrome immediately on all devices. Go to "About Google Chrome" and force an update check. Verify you are running 134.0.6998.177 or later before continuing work.
  • Check all your staff devices. If you manage multiple computers, verify each one has been updated. Do not assume automatic updates have already applied the patch.
  • If you cannot update yourself, contact an IT provider today. If you have an MSP, call them now. If you don't, contact AyeTech immediately.
  • Run antivirus scans on all devices. While this vulnerability is being exploited in targeted attacks (not mass exploitation), it's worth running a full scan to check for any signs of prior compromise.
  • Monitor network traffic for unusual activity. Look for unexpected outbound connections, particularly to unfamiliar IP addresses or domains. This could indicate post-exploitation data exfiltration.
  • Change passwords for critical accounts. If you were using Chrome to access email, banking, or other sensitive services before updating, consider changing those passwords from a patched device as a precaution.

Do Not Delay

This vulnerability is being actively exploited right now. The longer your systems remain unpatched, the greater the risk. Update today.

Why Managed IT Protects You From This

This zero-day is one of eight actively exploited Chrome vulnerabilities discovered in 2025 alone. Every vendor — Google, Microsoft, Apple, Mozilla — releases critical patches multiple times per year. The question is not IF your systems will have vulnerabilities, but HOW FAST you find out about them, test them, and patch them.

A Managed IT Provider Does This For You:

  • Continuous Monitoring: 24/7 monitoring of security feeds, vendor advisories, and threat intelligence to catch zero-days the moment they are disclosed
  • Automated Inventory: RMM platforms instantly identify which systems are vulnerable — no manual checking of dozens of devices
  • Rapid Assessment: When a critical vulnerability is discovered, it is assessed immediately for your specific infrastructure and user base
  • Lab Testing: Patches are tested in a controlled environment before being deployed to production, ensuring stability and compatibility
  • Coordinated Deployment: Updates are deployed across all managed systems in a prioritised manner with minimal disruption
  • Verification: After patching, we verify that all systems are updated and no systems were missed
  • Threat Hunting: Post-deployment, we scan for signs of prior exploitation before the patch was applied

This is exactly what AyeTech did within 24 hours of the Chrome patch being released.

If you are self-managing, you are betting that you will find out about zero-day exploits before your systems are compromised, understand their impact, have the expertise to test patches, and deploy them across all devices before attackers target you. That is not a sustainable bet for a business of any size.

Is Your Chrome Patched to Version 134+?

If you are not 100% certain all your devices are running Chrome 134.0.6998.177 or later, contact AyeTech today. We can check your entire device fleet, deploy the patch across all systems, and verify no systems are vulnerable to CVE-2025-2783.

Book a Security Assessment Call Now: 02 9188 8000

Or email us at [email protected] with your device details and we will check your patch status and deploy updates if needed.

Frequently Asked Questions

What is CVE-2025-2783?

CVE-2025-2783 is a high-severity (CVSS 8.3) sandbox escape vulnerability in Google Chrome's Mojo inter-process communication framework. It allows attackers to break out of the browser's security sandbox and execute arbitrary code with system-level permissions. The vulnerability was discovered on March 20, 2025, and is currently being actively exploited in targeted attacks.

Which Chrome versions are affected?

All Chrome versions 133 and earlier are vulnerable to CVE-2025-2783. The patch is available in Chrome 134.0.6998.177 or later. This affects Chrome on Windows, macOS, and Linux operating systems.

How do I check my Chrome version?

Open Chrome, click the menu button (three vertical dots) in the top right, select "About Google Chrome." Your version is displayed at the top of the page. Chrome will automatically check for updates — if you are on version 133 or earlier, click the update button and restart. After restarting, go back to "About Google Chrome" and verify you are now on version 134.0.6998.177 or later.

What can an attacker do if they exploit this vulnerability?

An attacker who successfully exploits CVE-2025-2783 can install malware, steal files and passwords, access your webcam/microphone, deploy ransomware, establish persistent backdoor access, monitor all keyboard input, and use your computer as part of a botnet. In a business context, a compromised employee device can become a foothold for attacking your entire network.

Is this vulnerability being actively exploited?

Yes. Kaspersky discovered this zero-day being actively exploited in Operation ForumTroll, a state-sponsored campaign attributed to the APT group Mem3nt0 mori. The attacks are highly targeted and focus on media outlets, educational institutions, and government organizations. The vulnerability was added to CISA's Known Exploited Vulnerabilities catalog on March 27, 2025.

Should I stop using Chrome?

No. Chrome is widely deployed across millions of businesses worldwide and remains a secure browser when kept up to date. Vulnerabilities will be discovered in any software product — that is the nature of software development. The key is keeping your browser updated. With proper patch management and a managed IT provider, Chrome remains secure and reliable.

About AyeTech

AyeTech is a Sydney-based managed IT services provider specialising in endpoint management, cybersecurity, and managed services for Australian small and medium businesses. We manage 350+ systems nationwide and respond to critical zero-day vulnerabilities like CVE-2025-2783 within 24 hours of patch release.

Contact Information:

  • Phone: 02 9188 8000
  • Email: [email protected]
  • Address: Suite 203, Level 8, 99 Walker St, North Sydney, NSW 2060
  • Service Areas: Sydney, Melbourne, Brisbane, Perth, Adelaide
