Google has fastened a critical safety vulnerability affecting its Google Chrome browser, that allowed attackers to bypass its security measures. The flaw was found by Kaspersky’s Global Research and Analysis Team (GReAT), and was reportedly used to focus on media shops, academic establishments, and authorities organisations. Google Chrome customers ought to replace their browser as a way to stay protected towards the vulnerability, and different Chromium-based browsers are additionally anticipated to obtain an replace that resolves the problem within the coming days.
Attackers Sent Personalised Phishing Emails as Part of ‘Operation ForumTroll’
According to particulars shared by the safety agency, a sophisticated persistent risk (APT) group is suspected to have run a marketing campaign dubbed Operation ForumTroll to benefit from a zero-day (beforehand unknown, undetected) vulnerability in Google Chrome for Windows, identifed as CVE-2025-2783.
The attackers would ship personalised phishing emails to individuals from media shops, academic establishments, and authorities organisations situated in Russia. These emails would invite them to affix the “Primakov Readings” discussion board. Kaspersky claims that the hyperlinks would expire shortly, and would finally ship customers to the actual discussion board.
What is most notable in regards to the safety exploit is that it allowed an attacker to make use of a maliciously crafted file to flee the sandbox safety system on Google Chrome. The safety flaw impacted Google Chrome on Windows, and didn’t require customers to work together with the malware in any method, after they clicked on the hyperlink.
Boris Larin, principal safety researcher at Kaspersky GReAT, explains that the exploit managed to fully disregard Chrome’s safety boundaries, and with out triggering any apparent malicious actions. “This vulnerability stands out among the dozens of zero-days we’ve discovered over the years,” he added.
The safety agency disclosed the vulnerability to Google, and a patch for the CVE-2025-2783 vulnerability was included with the replace to Google Chrome for Windows 134.0.6998.177 /.178, which started rolling out on Tuesday. Google has credited Kaspersky with discovering the vulnerability and customers ought to replace their browser to stay protected towards the flaw.
