Google has addressed a major security vulnerability in its Chrome browser for Windows, classified as a zero-day exploit, which was actively used by hackers to gain access to users' systems. The flaw, identified as CVE-2025-2783, was uncovered during an investigation by cybersecurity experts at Kaspersky, who linked it to a targeted phishing campaign known as “Operation ForumTroll.”
The exploit involved phishing emails that lured victims to a fake Russian political summit. Clicking on the malicious link redirected users to a compromised website, where attackers took advantage of the vulnerability to bypass Chrome's sandbox security and access sensitive information. The bug also impacts Chromium-based browsers such as Microsoft Edge, Opera, and Brave.
Kaspersky identified this activity as part of a wider espionage campaign potentially led by a state-sponsored entity, aimed at gathering intelligence over time. Media professionals and educational institutions were among the primary targets.
Zero-day vulnerabilities like this one are highly valued for their ability to infiltrate systems through basic user actions, such as clicking a link. Industry experts estimate that such exploits can sell for as much as $3 million in underground markets.
To protect against this threat, Google urges users to update their Chrome browser to the latest version immediately. Users of other Chromium-based browsers are also advised to install available updates to stay safeguarded.
This proactive measure highlights the importance of maintaining updated software to prevent unauthorized access and ensure digital security. Stay safe by keeping your browser and other applications regularly updated!