Google has released an urgent security update for its Chrome browser to patch a high-severity zero-day vulnerability tracked as CVE-2025-2783. This flaw was exploited in a sophisticated cyber-espionage campaign targeting media outlets, government institutions, and academia.
A Serious Security Breach
Discovered by Kaspersky’s Global Research and Analysis Team (GReAT), the vulnerability allowed attackers to bypass Chrome’s sandbox—a key security layer—and execute malicious code with little to no user interaction.
According to researchers, the exploit was actively used in targeted phishing attacks disguised as invitations to legitimate events like the “Primakov Readings” forum. Victims were redirected to real websites after the exploit ran silently in the background.
Operation ForumTroll
Dubbed “Operation ForumTroll”, the campaign was orchestrated by an advanced persistent threat (APT) group. Attackers targeted individuals in Russia using phishing emails with malicious links that appeared credible and expired quickly after use.
Key characteristics of the attack:
- No downloads required – The exploit was triggered simply by clicking a link.
- Stealthy behavior – Victims received no alerts or signs of compromise.
- Sandbox escape – Attackers gained system access despite Chrome’s security measures.
Boris Larin, Principal Security Researcher at Kaspersky, said:
“This vulnerability stands out among the dozens of zero-days we’ve discovered. It completely bypassed Chrome’s defenses without raising red flags.”
What Users Should Do
Google has patched the issue in its latest Chrome update for Windows, with fixes for other Chromium-based browsers like Edge and Brave expected shortly.
✅ Update Google Chrome Now
- Open Chrome
- Click the three-dot menu > Help > About Google Chrome
- Allow Chrome to auto-update
- Restart the browser to apply the patch
🔒 Turn On Enhanced Safe Browsing
Go to: Settings > Privacy & Security > Safe Browsing
Select: Enhanced Protection for better phishing and malware defense.
⚠️ Stay Vigilant Against Phishing
- Don’t click unfamiliar or urgent links in emails
- Check the sender’s address and link URLs
- Avoid downloading suspicious files or attachments
Why It Matters
This incident highlights the growing sophistication of phishing and zero-day exploits, particularly those targeting influential professionals. With malware now executing in the background and bypassing traditional security, regular updates and smart browsing habits are more important than ever.
Google is expected to release more technical details once a broader user base has installed the patch.
Bottom Line:
If you haven’t updated Chrome, do it now. One click on an outdated browser could expose your system to serious threats.









