Chrome Users at Risk: Zero-Day Vulnerability Exploited in Phishing Campaign

by | Mar 26, 2025 | News





Google Patches High-Severity Chrome Vulnerability

Google has released an urgent security update to fix a high-severity zero-day vulnerability in Chrome that was actively exploited in cyber-espionage attacks targeting Russian organizations.

Tracked as CVE-2025-2783, the flaw allows attackers to escape Chrome’s security sandbox and execute malware on affected systems. The vulnerability was discovered by Kaspersky researchers Boris Larin and Igor Kuznetsov, who described it as an “incorrect handle provided in unspecified circumstances in Mojo on Windows.”

Google acknowledged the issue in a security advisory published Tuesday, confirming that an exploit for this vulnerability was already being used in the wild. The company has now patched the flaw for Chrome users in the Stable Desktop channel, with version 134.0.6998.178 rolling out globally to Windows users.


Although Google says the security update will be gradually distributed over the coming days and weeks, users can immediately check for updates and install the patch manually.


Zero-Day Used to Deploy Malware in Operation ForumTroll

While Google has yet to disclose full details of the attacks, Kaspersky’s analysis revealed that CVE-2025-2783 was used in a sophisticated cyber-espionage campaign dubbed Operation ForumTroll.

[Image: Operation ForumTroll phishing email (Kaspersky)]

Attackers exploited the Chrome zero-day to bypass sandbox protections and infect victims with advanced malware. The campaign relied on phishing emails impersonating invitations from a Russian scientific and expert forum, Primakov Readings. These fraudulent emails targeted media outlets, educational institutions, and government organizations across Russia.

Victims who clicked on malicious links in these emails were redirected to the primakovreadings[.]info domain, where the exploit was triggered, allowing attackers to gain remote control of compromised systems.

Second Exploit Discovered in the Attack Chain

During their investigation, Kaspersky researchers also discovered that attackers used a second exploit in conjunction with the Chrome zero-day. While details of this additional exploit remain undisclosed, Kaspersky confirmed that patching Chrome will disable the entire exploit chain and prevent further infections.

“While research is still ongoing, judging by the functionality of the sophisticated malware used in the attack, the attackers’ goal was likely espionage,” Kaspersky said.
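Added example, not from the original article, Kaspersky or Google: a triage script that combines the two concrete facts the article gives defenders, the fixed Windows build 134.0.6998.178 and the primakovreadings[.]info domain, to rank hosts for patching and investigation. The inventory CSV, the proxy log layout, the host names and the function names are constructed assumptions.

```python
import csv, io, re
from urllib.parse import urlsplit

FIXED = (134, 0, 6998, 178)           # patched Windows build named in the article
IOC_DOMAIN = "primakovreadings.info"  # domain from the article, refanged for matching
# Constructed sample data: host names, versions and log layout are assumptions.
INVENTORY = """host,os,chrome_version
ws-101,windows,134.0.6998.178
ws-102,windows,134.0.6998.100
ws-103,windows,133.0.6900.10
mac-07,macos,134.0.6998.100
ws-104,windows,unknown
"""
PROXY_LOG = """2025-03-20T09:14:02Z ws-102 GET https://primakovreadings.info/ 200
2025-03-20T09:15:40Z ws-101 GET https://PRIMAKOVREADINGS.info./ 200
2025-03-21T11:02:17Z ws-103 GET https://example.org/?q=primakovreadings.info 200
2025-03-21T11:05:55Z ws-104 GET https://sub.primakovreadings.info/ 200
"""

def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if it does not parse."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(map(int, m.groups())) if m else None

def unpatched_windows_hosts(inventory_csv):
    """Windows hosts below FIXED; an unparseable version sorts as (0,), i.e. unpatched."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"] for r in rows if r["os"].lower() == "windows"
            and (parse_version(r["chrome_version"]) or (0,)) < FIXED}

def hosts_contacting_ioc(proxy_log):
    """Hosts whose requested hostname is the IoC domain or a subdomain of it."""
    hits = set()
    for line in proxy_log.splitlines():
        fields = line.split()
        # urlsplit lowercases the hostname; strip the trailing dot of an absolute name.
        name = (urlsplit(fields[3]).hostname or "").rstrip(".") if len(fields) > 3 else ""
        if name == IOC_DOMAIN or name.endswith("." + IOC_DOMAIN):
            hits.add(fields[1])
    return hits

def triage(inventory_csv, proxy_log):
    unpatched, contacted = unpatched_windows_hosts(inventory_csv), hosts_contacting_ioc(proxy_log)
    return {"investigate": sorted(contacted),            # contact may predate the patch
            "patch_first": sorted(unpatched & contacted),
            "patch": sorted(unpatched - contacted)}

if __name__ == "__main__":
    print(triage(INVENTORY, PROXY_LOG))
```

Matching on the parsed hostname rather than a substring keeps the `example.org` line, which only mentions the domain in a query string, out of the results.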




First Chrome Zero-Day of 2025 – More to Come?

CVE-2025-2783 marks the first Chrome zero-day patched in 2025. Last year, Google fixed 10 Chrome zero-days, many of which were either actively exploited in the wild or demonstrated at hacking contests like Pwn2Own.

With cyber-espionage groups continuously targeting Chrome vulnerabilities, users are strongly advised to keep their browsers up to date and remain cautious of phishing emails distributing exploits.


Source: bleepingcomputer.com
