Google has fixed a serious security vulnerability affecting its Google Chrome browser, that allowed attackers to bypass its security features. The flaw was discovered by Kaspersky’s Global Research and Analysis Team (GReAT), and was reportedly used to target media outlets, educational institutions, and government organisations. Google Chrome users should update their browser in order to remain protected against the vulnerability, and other Chromium-based browsers are also expected to receive an update that resolves the issue in the coming days.
Attackers Sent Personalised Phishing Emails as Part of ‘Operation ForumTroll’
According to details shared by the security firm, an advanced persistent threat (APT) group is suspected to have run a campaign dubbed Operation ForumTroll to take advantage of a zero-day (previously unknown, undetected) vulnerability in Google Chrome for Windows, identifed as CVE-2025-2783.
The attackers would send personalised phishing emails to persons from media outlets, educational institutions, and government organisations located in Russia. These emails would invite them to join the “Primakov Readings” forum. Kaspersky claims that the links would expire quickly, and would eventually send users to the real forum.
What is most notable about the security exploit is that it allowed an attacker to use a maliciously crafted file to escape the sandbox protection system on Google Chrome. The security flaw impacted Google Chrome on Windows, and did not require users to interact with the malware in any way, after they clicked on the link.
Boris Larin, principal security researcher at Kaspersky GReAT, explains that the exploit managed to completely disregard Chrome’s security boundaries, and without triggering any obvious malicious actions. “This vulnerability stands out among the dozens of zero-days we’ve discovered over the years,” he added.
The security firm disclosed the vulnerability to Google, and a patch for the CVE-2025-2783 vulnerability was included with the update to Google Chrome for Windows 134.0.6998.177 /.178, which began rolling out on Tuesday. Google has credited Kaspersky with discovering the vulnerability and users should update their browser to remain protected against the flaw.
