
Chrome Zero-Day Exploitation Linked to Hacking Team Spyware

The exploitation of the first Chrome zero-day of 2025 is linked to tooling used in attacks involving Hacking Team's new Dante spyware, Kaspersky reports.

The exploited Chrome vulnerability, tracked as CVE-2025-2783 and described as a sandbox escape, was caught in the wild in a sophisticated cyberespionage campaign attributed to a state-sponsored APT. Firefox was affected by a similar flaw, tracked as CVE-2025-2857.

The exploit code was designed to validate the victim, escape Chrome's sandbox and execute shellcode, which led to the installation of a malware loader. For persistence, the code placed new entries in the user's registry hive to hijack Windows' search order for COM objects: per-user registrations under HKCU\Software\Classes are consulted before the machine-wide ones under HKLM, so the attacker's entry is resolved in place of the legitimate COM server whenever a process instantiates that class.

"Notably, we saw several minor similarities between this attack and others involving Dante, such as similar file system paths, the same persistence mechanism, data hidden in font files, and other minor details. Most importantly, we found similar code shared by the exploit, loader, and Dante," Kaspersky notes.

To read the complete article see: SecurityWeek
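The COM search-order hijack described above is easy to audit for on an endpoint. The following PowerShell script is an added example, not code from the Kaspersky report or the SecurityWeek article: it enumerates every per-user InprocServer32 registration, checks whether it shadows a machine-wide registration for the same CLSID, and records whether the referenced DLL exists, is Authenticode-signed and lives under the user's profile. The registry paths are the standard CLSID hives; the scoring order at the end is an assumption about what an analyst would want to see first.

```powershell
# Added example (not from the Kaspersky report or the SecurityWeek article):
# audit per-user COM registrations that can hijack the CLSID search order.
# Windows consults HKCU\Software\Classes\CLSID before HKLM\Software\Classes\CLSID,
# so a per-user InprocServer32 entry is loaded in place of the machine-wide server.

$hkcuClsid = 'HKCU:\Software\Classes\CLSID'
$hklmClsid = 'HKLM:\Software\Classes\CLSID'

function Get-InprocServerPath {
    # Returns the DLL path stored in the (default) value of <CLSID>\InprocServer32,
    # or $null when the subkey does not exist.
    param([Parameter(Mandatory)][string]$ClsidKeyPath)
    $sub = "$ClsidKeyPath\InprocServer32"
    if (-not (Test-Path -Path $sub)) { return $null }
    (Get-ItemProperty -Path $sub -ErrorAction SilentlyContinue).'(default)'
}

function Get-UserComHijackCandidates {
    # One record per CLSID registered under the current user's hive.
    if (-not (Test-Path -Path $hkcuClsid)) { return @() }

    foreach ($key in Get-ChildItem -Path $hkcuClsid -ErrorAction SilentlyContinue) {
        $clsid   = $key.PSChildName
        $userDll = Get-InprocServerPath -ClsidKeyPath $key.PSPath
        if (-not $userDll) { continue }

        # Does a machine-wide registration exist that this entry overrides?
        $machineDll = Get-InprocServerPath -ClsidKeyPath "$hklmClsid\$clsid"

        # Resolve %VARIABLES% and check the file on disk.
        $expanded = [Environment]::ExpandEnvironmentVariables($userDll)
        $exists   = Test-Path -LiteralPath $expanded -ErrorAction SilentlyContinue
        $signed   = $false
        if ($exists) {
            $signed = (Get-AuthenticodeSignature -LiteralPath $expanded).Status -eq 'Valid'
        }

        [pscustomobject]@{
            CLSID          = $clsid
            UserDll        = $userDll
            ShadowsMachine = [bool]$machineDll   # overrides an HKLM registration
            MachineDll     = $machineDll
            DllExists      = $exists
            Signed         = $signed
            InUserProfile  = $expanded -like "$env:USERPROFILE*"
        }
    }
}

# Highest-signal rows first (assumed triage order): entries that override a
# machine-wide server, point at an unsigned DLL, and live in the user's profile.
Get-UserComHijackCandidates |
    Sort-Object -Property @{Expression = 'ShadowsMachine'; Descending = $true},
                          @{Expression = 'Signed';         Descending = $false},
                          @{Expression = 'InUserProfile';  Descending = $true} |
    Format-Table -AutoSize
```

A per-user CLSID with no HKLM counterpart is not automatically benign: processes sometimes probe for classes that are never registered machine-wide, and planting such an entry is the "phantom COM" variant of the same technique. Treat any unsigned DLL under the user profile referenced from HKCU\Software\Classes\CLSID as worth a closer look regardless of the ShadowsMachine column, and correlate the DLL's creation time with browser crash or exploit telemetry from the same host.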

This post is licensed under CC BY 4.0 by the author.