- By Prateek Levi
- Fri, 28 Mar 2025 11:39 AM (IST)
- Source: JND
Google Chrome: Warnings to "not click links in emails" are now a weekly occurrence. Email platforms continue to struggle with blocking sophisticated threats, and the situation is worsening with the rise of AI-fueled attacks. But at the core of these threats is something simple: a casual click or tap.
The latest danger involves a severe vulnerability in Google Chrome that has prompted an emergency update for Windows users. "Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild," the company said in its advisory on Tuesday. The newest version, Chrome 134.0.6998.177/.178, is rolling out over the "coming days/weeks." However, Google assures users they’ll likely receive the update much faster. You can check for updates immediately, and once it’s downloaded, make sure to restart your browser to install the fix.
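For administrators checking many machines rather than one browser, the same version check can be scripted. The following is an added example, not part of the original article or Google's advisory. It assumes an inventory tool that reports both the installed and the running Chrome build; the column names, host names and sample version strings are constructed for illustration.

```python
# Added example: triage a browser inventory against the fixed Chrome build.
# Column names and the sample rows below are constructed for illustration.
import csv
import io

FIXED_BUILD = (134, 0, 6998, 177)  # first fixed Windows build named in the article

def parse_version(text):
    """Turn '134.0.6998.177' into a tuple of ints; raise ValueError on junk."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(row):
    """Return out_of_scope, unknown, vulnerable, restart_pending or patched."""
    if row["os"].strip().lower() != "windows":
        return "out_of_scope"        # the fix discussed here is Windows-only
    try:
        installed = parse_version(row["installed"])
        running = parse_version(row["running"])
    except ValueError:
        return "unknown"             # unparseable data needs a manual look
    if installed < FIXED_BUILD:
        return "vulnerable"          # update has not been downloaded yet
    if running < FIXED_BUILD:
        return "restart_pending"     # update is on disk, old build still running
    return "patched"

# Constructed sample inventory (not real hosts or measurements).
SAMPLE_INVENTORY = """host,os,installed,running
ws-01,Windows,134.0.6998.178,134.0.6998.178
ws-02,Windows,134.0.6998.177,134.0.6998.117
ws-03,Windows,134.0.6998.117,134.0.6998.117
mac-01,macOS,134.0.6998.88,134.0.6998.88
ws-04,Windows,134.0.6998,
ws-05,Windows,135.0.7049.41,135.0.7049.41
"""

def triage(csv_text):
    """Map each host in the CSV text to its status."""
    return {r["host"]: classify(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The `restart_pending` state is the one to watch: the update has been downloaded, but the fix is not active until the browser is restarted.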
A Wave of Sophisticated Attacks
The new threat was first flagged by Kaspersky, which described it as "a wave of infections by previously unknown and highly sophisticated malware." According to Kaspersky, once a victim clicked a link in a highly personalized email, Chrome opened, and "infection occurred immediately." The firm also warned that "no further action was required to become infected."
After analyzing the exploit code and reverse-engineering its logic, Kaspersky confirmed the vulnerability was based on a zero-day flaw in the latest version of Chrome. "We then reported the vulnerability to the Google security team," the researchers stated. It was this report that triggered Google's emergency update.
Bypassing Chrome’s Defenses
Kaspersky called the exploit "certainly one of the most interesting we’ve encountered," admitting that it "really left us scratching our heads." What makes it so alarming is that it allowed attackers to bypass Chrome’s sandbox protection "as if it didn’t even exist."
We (me + @2igosha) have discovered a new Google Chrome 0-day that is being used in targeted attacks to deliver sophisticated spyware 🔥🔥🔥. It was just fixed as CVE-2025-2783 and we are revealing the first details about it and “Operation ForumTroll” https://t.co/apx0oXZ6be
— Boris Larin (@oct0xor) March 25, 2025
With such a sophisticated exploit in the wild, staying updated is more critical than ever. Ensure your Chrome browser is running the latest version, and remain cautious about clicking links — even in emails that seem personalized or familiar.
The team discovered that the vulnerability was caused by “a logical error at the intersection of Google Chrome’s sandbox and the Windows operating system,” which explains why this attack and the subsequent update only apply to Windows users. Further details are being withheld until “the majority of users have installed the updated version of the browser that fixes it.”
According to Kaspersky, the likely goal of these attacks is espionage, with targets including “media outlets, educational institutions and government organizations.” The focus appears to be on Russian institutions, and the level of sophistication suggests the involvement of a nation-state-associated group. “The exploit we discovered was designed to run in conjunction with an additional exploit that enables remote code execution,” Kaspersky said. Unfortunately, they couldn’t obtain the second exploit. “In this particular case, it would have required waiting for a new wave of attacks and exposing users to the risk of infection.”
Fixing the first exploit has stopped the current wave of attacks, but the second exploit remains a threat. It could be repackaged for other attacks and needs to be isolated and addressed. “All the attack artifacts analyzed so far indicate high sophistication of the attackers, allowing us to confidently conclude that a state-sponsored APT group is behind this attack,” Kaspersky added.
For Google, the timing is awkward: the flaw comes just days after Microsoft issued a warning suggesting that users might be safer switching from Chrome to Edge. Still, Google deserves credit for rushing out a fix so quickly. Now, it’s up to users to make sure they install the update.