Google urgently patches actively exploited Chrome flaw - patch now!
Take action: This one is urgent. Google pushed out a patch for just one flaw, immediately scored as critical. And we have active exploitation details, with a simple visit of a malicious site. DONT WAIT! Patch all your Chrome and Chromium browsers (Edge, Opera, Brave). The exploit is going to spread. And updating a browser is easy, all your tabs reopen after the patch.
Learn More
Kaspersky researchers have discovered an attack utilizing a Google Chrome zero-day exploit, which they have dubbed "Operation ForumTroll."
The campaign was detected in mid-March 2025, targeting media outlets, educational institutions, and government agencies in Russia through personalized phishing emails disguised as invitations to the "Primakov Readings" scientific forum.
The attack leverages a zero-day vulnerability in Google Chrome tracked as CVE-2025-2783 (CVSS score 9.8), which allows attackers to completely bypass Google Chrome's sandbox protection through what Kaspersky described as "a logical error at the intersection of Google Chrome's sandbox and the Windows operating system."
The attack chain worked like this:
- Victims received personalized phishing emails with short-lived malicious links
- Simply clicking the link and opening the page in Google Chrome is sufficient for infection
- No additional user action was required for the exploit to execute
- The sandbox escape (CVE-2025-2783) was designed to work with a second exploit enabling remote code execution
- The malware deployed through this chain appears to be designed for espionage purposes
Kaspersky researchers detected the exploit through the company's protection technologies, analyzed the code, and reported the vulnerability to Google on March 20, 2025. Google acknowledged the severity of the issue and released an emergency patch on March 25, 2025, in Chrome version 134.0.6998.177/.178.
In its security bulletin, Google confirmed that "an exploit for CVE-2025-2783 exists in the wild," classifying the vulnerability as "High" severity and describing it as an "Incorrect handle provided in unspecified circumstances in Mojo on Windows."
- Domain: primakovreadings[.]info
- Malicious payloads are detected by Kaspersky products with these verdicts:
- Exploit.Win32.Generic
- Trojan.Win64.Agent
- Trojan.Win64.Convagent.gen
- PDM.Win32.Generic
- PDM.Win32.Generic
- UDS.Multi.Generic
Google has released Chrome version 134.0.6998.177/.178 for Windows to address this vulnerability. Users are strongly advised to update their browsers immediately.
