Google Patches Eight Chrome Zero-Day Vulnerabilities Exploited Throughout 2025

Google tackled 8 high-severity zero-day flaws in Chrome 2025, notably targeting V8 engine and sandbox escapes with severe attacks.

By Content Team

Dec 17, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Google addressed eight actively exploited zero-day vulnerabilities in Chrome during 2025, all classified as high severity with CVSS scores averaging 8.5. Half targeted Chrome's V8 JavaScript engine, while others exploited graphics rendering and sandbox protection mechanisms.

Google's Threat Analysis Group discovered six vulnerabilities, with external contributions from Kaspersky and Apple teams. Notable attacks included Operation ForumTroll in March, which used CVE-2025-2783 to deploy LeetAgent spyware on Russian targets through sandbox escape techniques.

Type confusion vulnerabilities dominated, accounting for three flaws that exploited V8's optimization strategies. Two vulnerabilities enabled complete sandbox escapes, the most severe browser attack class. All eight were added to CISA's Known Exploited Vulnerabilities catalog, mandating immediate federal agency remediation.

Source: Cyber Security News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

M&S Cyber Attack Chaos Leaves More Questions Than Answers

Feb 18, 2026

Identity Abuse Drives Nearly Two-Thirds of Cyberattacks, Unit 42 Report Shows

Feb 17, 2026

Fake Claude AI Sites Spread Malware Through Google Ads

Mar 11, 2026

Microsoft Kicks Off 2026 With 112 Security Patches, Including Active Zero-Day Attack

Jan 14, 2026