.svg){kind=icon}
A new zero-day vulnerability in Google Chrome, now tracked as CVE-2025-2783, has been actively exploited in targeted attacks. The campaign, led by the Mem3nt0 Mori hacker group, has already compromised high-profile targets in Russia and Belarus.
What makes this incident stand out is how it unfolds. Victims received well-crafted phishing emails written in Russian. One click on the embedded link was all it took; no downloads, no extra steps. From there, the attackers used the vulnerability to quietly bypass Chrome’s sandbox protections and deploy advanced spyware.
This is another reminder that zero-click or one-click exploits are becoming the attacker’s weapon of choice. They don’t rely on tricking users into running malware. Instead, they use the software itself as the entry point.
At NetraScale, we see zero-day exploits as the blind spots that most traditional risk frameworks miss. Even if your software is fully patched today, it might already be vulnerable tomorrow, especially when attackers are evolving faster than most defenses can adapt.
Our approach focuses on proactive visibility across the attack surface. That means mapping not just your software stack but also the behavioral patterns and interconnections between your vendors, browsers, and users that create hidden risk.
It’s not about predicting every exploit. It’s about understanding where one might land before it does.
.svg){kind=logo}
