{"id":103607,"date":"2025-03-27T14:56:17","date_gmt":"2025-03-27T21:56:17","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=103607"},"modified":"2025-03-27T14:56:17","modified_gmt":"2025-03-27T21:56:17","slug":"google-chrome-patches-zero-day-used-to-spread-sophisticated-malware","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/google-chrome-patches-zero-day-used-to-spread-sophisticated-malware\/","title":{"rendered":"Google Chrome patches zero-day used to spread “sophisticated malware”"},"content":{"rendered":"

\"IconsOn Tuesday, March 25, the Google Chrome<\/a> browser was updated to version 134.0.6998.177\/.178 to address a zero-day vulnerability\u2014one that has been actively exploited in the wild. This is the second Chromium vulnerability this year for which Google is aware of real-world exploitation; Apple reported the previous one<\/a> to Google in early March.<\/p>\n

A security flaw used to spread “sophisticated malware”<\/h3>\n

Google says that “an exploit for CVE-2025-2783 exists in the wild.” This means that users must install patches urgently.<\/strong><\/p>\n

According to researchers<\/a> who observed the vulnerability in the wild, it let attackers “bypass Google Chrome\u2019s sandbox protection.” Attackers chained their exploitation of this security bug with another exploit, which “enabled remote code execution on compromised systems” and installed “sophisticated malware.”<\/p>\n

Based on the malware’s functionality, the researchers believe its main purpose was espionage.<\/p>\n

Although the researchers only observed this attack installing Windows malware, the same vulnerability could potentially be exploited to spread Mac malware, too. Thus it’s important to update your browser no matter which operating system you use.<\/p>\n

Other browsers require urgent updates, too<\/h3>\n

Whenever Chrome gets a security update, other browsers based on the Chromium<\/a> open-source Web browser project generally require an update, too. Notable browsers built upon the Chromium codebase include\u00a0Microsoft Edge<\/strong>, Arc<\/strong>, Brave<\/strong>, Vivaldi<\/strong>, and Opera<\/strong>.<\/p>\n

Microsoft Edge<\/a>, Brave<\/a>, and Vivaldi<\/a> all got updates on Wednesday, March 26. These browsers are based on the most recent Chromium version.<\/p>\n

Meanwhile, Opera’s browsers are based on older Chromium code bases; this means that the engineers who develop them must backport security patches. Opera, Opera GX, and Opera Air<\/a> all supposedly addressed CVE-2025-2783 on Thursday, March 27. However, Opera Air for Mac<\/strong> doesn’t appear to have been updated since March 5, meaning it likely contains many vulnerabilities<\/strong>\u2014including the zero-day that Apple reported<\/a> to Google.<\/p>\n

Although Arc got an update<\/a> on Thursday, March 27, it was to an older and still vulnerable Chromium build. The Arc browser therefore remains vulnerable, as of when this article is being published.<\/p>\n

How to update Chromium-based desktop browsers<\/h3>\n

Mac users can update their Chrome, Brave, Edge, or Opera browsers<\/strong> by clicking on the application menu (e.g. “Chrome” or “Microsoft Edge,” next to the Apple logo menu), and then clicking the first item in that menu (e.g. “About Google Chrome” or “About Microsoft Edge”). The browser will check for updates; if an update is available, it will prompt you to restart the app to complete the update.<\/p>\n

Arc and Vivaldi for macOS<\/strong> have a slightly different update procedure. After clicking on the Arc or Vivaldi menu (next to the Apple menu), click on “Check for Updates\u2026” to ensure you have the latest version installed.<\/p>\n

Windows users can update their browsers<\/strong> by following the steps provided by each browser maker: Chrome<\/a>, Arc<\/a>, Brave<\/a>, Edge<\/a>, Opera<\/a>, Vivaldi<\/a>.<\/p>\n

How to update Chromium-based mobile browsers<\/h3>\n

Android users<\/strong> should check the Google Play Store app for the latest versions of their browsers and other apps.<\/p>\n

Mobile browsers on iOS and iPadOS<\/strong> use Safari’s WebKit engine, rather than Chromium’s Blink and V8 engines. Therefore, this particular vulnerability does not affect the iOS or iPadOS versions of any Web browsers. If you would like to update your iPhone and iPad browsers anyway, you can do so via the App Store. (Here’s how to manually check for and install updates<\/a>.)<\/p>\n

Starting with iOS 17.4, browser makers may opt into using their own rendering engines. However, this is only available in the EU, for compliance with the Digital Markets Act. No major third-party browser has chosen to bring its own engine to iOS yet.<\/p>\n

Non-browser apps need updates, too<\/h3>\n

As we’ve noted in the past, many non-browser apps, including\u00a0Electron apps<\/a>, also rely on the Chromium browser codebase for rendering HTML content. These include the desktop versions of apps like 1Password, Discord, Dropbox, Figma, GitHub, Microsoft Teams, Signal, Skype, Slack, Trello, Twitch, WhatsApp, WordPress, and Zoom.<\/strong><\/p>\n

Notably, the Electron framework does not get updated in tandem with Chromium, so some Electron-based apps may remain vulnerable for months<\/a>. For this and other reasons, it’s important to keep all your other apps updated as well.<\/p>\n

To update Mac App Store apps<\/a>, open the App Store, then click Updates, and click on Update All. Other apps usually have their own separate in-app or external update mechanisms. In some cases, you may need to update an app manually by downloading a new version from the developer’s site.<\/p>\n

Chromium vulnerabilities threaten Electron app security<\/a><\/p><\/blockquote>\n