After discovering that hackers were using a significant security gap in its Chrome browser for Windows to compromise computers, Google corrected the issue.
Google claimed to have resolved the problem, which was identified as CVE-2025-2783, in a brief update on Tuesday. Kaspersky security experts found the vulnerability earlier this month.
Google said that hackers had already exploited the vulnerability in a “real world attack” prior to its patch. ‘Zero-day’ vulnerabilities are those that are exploited by attackers long before developers have a chance to fix them.
How Hackers Used The Bug
According to Kaspersky, the issue was a component of the Operation ForumTroll hacking effort. The initial step was sending phishing emails inviting the victims to a global political gathering in Russia. When victims clicked on the email’s link, they were taken to a rogue website where the bug was instantly used to access their computer data. Although Kaspersky did not disclose much about it, they did confirm that the vulnerability allowed hackers to get over Chrome’s sandbox security. These safeguards often keep the browser from accessing private information on a user’s machine. Furthermore, Kaspersky noted that this vulnerability affected all other browsers built on Google’s Chromium engine, not just Chrome.
Who Was Targeted?
According to security researchers, this issue was used in an espionage operation. The goal of these efforts is to gradually and covertly obtain information from targets. Russian media professionals and staff members at educational institutions received customized ‘phishing’ emails from the attacker, according to Kaspersky. The identity of the attacker is still unclear, though. According to the cybersecurity firm, there may have been involvement from a state-sponsored hacking outfit.