Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists
Google stated it has mounted a vulnerability in its Chrome browser for Home windows that malicious hackers have used to interrupt into victims’ computer systems.
In a brief note on Tuesday, Google stated that it mounted the vulnerability, tracked as CVE-2025-2783, that was found by researchers at safety agency Kaspersky earlier this month.
Google stated it was conscious of experiences that an exploit for the bug “exists within the wild.” The bug is known as a zero-day as a result of the seller — on this case, Google — was given no time to repair the bug earlier than it was exploited.
In keeping with Kaspersky, the bug was exploited as a part of a hacking marketing campaign concentrating on Home windows computer systems working Chrome.
In a blog post, Kaspersky referred to as the marketing campaign “Operation ForumTroll,” and stated victims had been focused with a phishing e-mail inviting them to a Russian world political summit. When a hyperlink within the e-mail was clicked, victims had been taken to a malicious web site that instantly exploits the bug to achieve entry to the sufferer’s PC information.
Kaspersky supplied little detail in regards to the bug on the time of the Chrome patch, however stated that the bug allowed the attackers to bypass Chrome’s sandbox protections, which restrict the browser’s entry to different information on the person’s pc. Kaspersky stated the bug impacts all different browsers based mostly on Google’s Chromium engine.
In a separate analysis, Kaspersky stated the bug was probably utilized in an espionage marketing campaign, sometimes designed to stealthily monitor and steal information from a goal’s gadget, normally over a time period. The Russia-headquartered safety agency stated the hackers despatched customized phishing emails to Russian media representatives and staff at academic establishments.
It’s unclear who was exploiting the bug, however Kaspersky attributed the marketing campaign to a probable state-sponsored or government-backed group of hackers.
Browsers like Chrome are a frequent goal for malicious hackers and government-backed teams. Zero-day bugs able to breaking by means of their protections and into the sufferer’s delicate gadget information will be offered at excessive costs. In 2024, one zero-day dealer was offering up to $3 million for exploitable bugs that may be triggered from over the web.
Google stated Chrome updates will roll out over the approaching days and weeks.
