The National Computer Emergency Response Team (NCERT) has issued a critical security advisory urging all users to immediately update their Google Chrome browsers following the discovery of a dangerous zero-day vulnerability, labeled CVE-2025-2783. The flaw, which has already been exploited in active cyberattack campaigns, allows malicious actors to bypass Chrome’s security features and gain control over compromised systems. The urgency of the advisory reflects the scale and seriousness of the threat, which has already impacted a range of organizations across different sectors.
According to NCERT, the vulnerability is being exploited by an advanced persistent threat (APT) operation referred to as “Operation ForumTroll.” This campaign is reportedly targeting government entities, educational institutions, and media outlets by luring victims through phishing emails designed to appear as legitimate event invitations. Once a user clicks the embedded link using an outdated version of Chrome, malicious code is executed silently in the background. This exploit is particularly dangerous because it stems from a logical flaw between Chrome and the Windows operating system, allowing attackers to bypass the browser’s sandboxing protections — a critical defense mechanism.
Once activated, the vulnerability opens the door to remote code execution, privilege escalation, and unauthorized access to sensitive information. In some cases, attackers can maintain persistent control over affected systems, enabling prolonged surveillance, data exfiltration, and the installation of additional malware. These intrusions often lead to the deployment of further malicious payloads and lateral movement across internal networks, magnifying the impact of the initial compromise.
Systems running any version of Chrome released prior to version 134.0.6998.177 or .178 for Windows are considered vulnerable. NCERT has advised that users immediately update their browsers to the latest version, which was released on March 25, 2025. In addition to the browser update, NCERT’s advisory also calls on organizations to remain on high alert and closely monitor their systems for any indicators of compromise. The agency further recommends reinforcing email security protocols, enabling Enhanced Safe Browsing features within Chrome, and reviewing system configurations to tighten access controls and prevent exploitation.
The advisory also emphasizes the importance of responding quickly in case of a confirmed breach. Organizations should isolate compromised systems, initiate forensic investigations, and recover affected machines from secure backups. These actions are critical in limiting damage and restoring system integrity. The advisory highlights that ignoring the vulnerability could result in severe consequences, including data theft, reputational damage, and long-term exposure to espionage activities.
Given the widespread reliance on Chrome as a primary web browser in professional and institutional environments, the risks associated with CVE-2025-2783 cannot be overstated. The exploitation of this zero-day by sophisticated threat actors reinforces the importance of timely patch management and robust security practices. As cyberattacks continue to evolve in complexity and stealth, proactive risk mitigation and user awareness remain central to organizational resilience in the digital age.
