{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"Chrome Under Fire: Three Zero-Days, One Month, and Nation-State Exploits","html":"","width":"100%","height":180,"duration":1703,"description":"In this episode, we dive deep into three actively exploited zero-day vulnerabilities discovered in Google Chrome in 2025, each of which was patched in rapid succession following targeted attacks. At the center is CVE-2025-5419, a high-severity out-of-bounds read/write flaw in the V8 JavaScript engine that allows attackers to exploit heap corruption through crafted HTML pages — and it’s already being weaponized in the wild.We also revisit CVE-2025-2783, a Chrome Mojo vulnerability used in Operation ForumTroll, a nation-state espionage campaign targeting Russian organizations. This flaw allowed attackers to bypass Chrome’s sandbox entirely with just one click on a phishing link. The third major zero-day, CVE-2025-4664, exposed gaps in Chrome's Loader component, permitting policy bypass and potential full account takeover.Join us as we analyze the technical root causes, discuss Google's mitigation strategies including emergency out-of-band patches and configuration changes, and explore the implications of these rapid-fire exploits in a threat landscape increasingly shaped by advanced persistent threats and browser-based vulnerabilities. We’ll also offer key takeaways for IT teams and CISOs on patching strategy, user awareness, and the critical role of update velocity in today's cybersecurity defense playbook.","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}