The Register: After Chrome patches zero-day used to target Russians, Firefox splats similar bug

Source URL: https://www.theregister.com/2025/03/28/google_kaspersky_mozilla/

Feedly Summary: Single click on a phishing link in Google browser blew up sandbox on Windows
Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia.…

Summary: The text discusses a significant security vulnerability found in Google Chrome and a similar flaw in Mozilla Firefox, both allowing sandbox escapes on Windows. This situation highlights the ongoing challenges related to browser security and the need for timely responses to emerging threats, particularly in the context of espionage activities targeting specific individuals.

Detailed Description: The content provides an overview of a zero-day vulnerability (CVE-2025-2783) in Google Chrome and a similar vulnerability in Mozilla Firefox (CVE-2025-2857). Here are the key points:

- **Chrome Vulnerability**:
  - Google released an emergency patch for Chrome to address a sandbox-breaking vulnerability (CVE-2025-2783).
  - The vulnerability was identified by Kaspersky, which discovered it while investigating a phishing campaign aimed at Russian journalists and other entities.
  - This exploit allowed attackers to bypass Chrome’s security sandbox, potentially leading to further exploitation.
  - Kaspersky researchers noted that the exploit did not require any overtly malicious action from users, highlighting the sophistication of the attack vector.

- **Firefox Response**:
  - Following the discovery of the Chrome vulnerability, Mozilla investigated its own browser and found a similar flaw in its inter-process communication (IPC) code.
  - The Firefox flaw, tracked as CVE-2025-2857, also enabled sandbox escapes.
  - Mozilla confirmed that the issue allowed attackers to manipulate the parent process to induce leaks to unprivileged child processes.

- **Wider Implications**:
  - Since the Chromium framework powers multiple browsers, including Edge, Opera, and Brave, other browser developers are expected to release similar patches soon.
  - The Tor browser, built on Mozilla’s Firefox project, also issued an emergency update to address the identified vulnerabilities.

- **Key Takeaways**:
  - The continual discovery of security vulnerabilities in widely used software emphasizes the importance of regular updates and proactive measures in cybersecurity.
  - Organizations and individuals should maintain vigilance regarding browser security to protect against potential exploits, particularly those targeting specific user groups for espionage purposes.

This situation underscores the crucial need for timely and effective security measures from software vendors and poses significant implications for users exposed to potential threats stemming from these vulnerabilities. For security and compliance professionals, the incident illustrates the importance of understanding and mitigating risks associated with browser security.