
Google has issued an emergency update for Chrome to address a zero-day vulnerability actively exploited in a sophisticated cyber espionage campaign.
At a Glance
- Vulnerability Identified: CVE-2025-2783, a high-severity flaw in Chrome’s Mojo component.
- Discovery: Kaspersky uncovered the exploit in a campaign dubbed “Operation ForumTroll,” which targeted Russian organizations.
- Attack Method: Phishing emails with malicious links led to immediate system compromise upon clicking.
- Google’s Response: Released Chrome version 134.0.6998.177/.178 to patch the vulnerability.
Uncovering Operation ForumTroll
In mid-March 2025, cybersecurity firm Kaspersky uncovered a wave of infections stemming from a previously unknown and sophisticated malware campaign. Termed “Operation ForumTroll”, the operation exploited a zero-day vulnerability in Google Chrome and specifically targeted Russian media professionals, educational institutions, and government agencies.
The attackers relied on phishing emails containing personalized malicious links. Victims who clicked a link were infected immediately, with no further action required. Kaspersky noted, “In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser.”
Technical Insights into CVE-2025-2783
The underlying flaw, identified as CVE-2025-2783, lies in Chrome’s Mojo component, which facilitates inter-process communication. Exploiting this flaw enabled attackers to bypass Chrome’s sandboxing protections—normally a critical line of defense against malware execution.
Kaspersky researchers expressed surprise at the nature of the exploit, stating, “The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t exist.”
Google’s Swift Response
After being alerted to the issue on March 20, 2025, Google responded rapidly. The company released Chrome version 134.0.6998.177/.178 for Windows to close the vulnerability. In its advisory, Google acknowledged, “Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild,” confirming the urgency of the fix.
Recommendations for Users
To minimize the risk of infection, users are advised to take the following actions:
- Update Chrome: Ensure your browser is running version 134.0.6998.177/.178 or newer.
- Exercise Caution: Avoid clicking links in unsolicited emails, especially those from unknown senders.
- Strengthen Security: Use trusted antivirus tools and enable two-factor authentication for accounts where possible.
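For administrators applying the update recommendation across many machines, the following is an added example (not part of the original article or Google's advisory) that audits an inventory export against the patched build 134.0.6998.177. It assumes a CSV of Windows hosts with hypothetical columns `host` and `chrome_version`; the hostnames and versions in the sample are constructed.

```python
import csv
import io

# Patched Windows build named in Google's advisory, as quoted in this article.
PATCHED = (134, 0, 6998, 177)

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,chrome_version
ws-001,134.0.6998.178
ws-002,134.0.6998.88
ws-003,133.0.6943.142
ws-004,135.0.7049.42
ws-005,
ws-006,134.0.6998.177
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit(inventory_csv, minimum=PATCHED):
    """Classify each host as 'patched', 'vulnerable' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["chrome_version"] or "")
        if version is None:
            # Missing or malformed data: needs manual follow-up, not a pass.
            status = "unknown"
        elif version >= minimum:
            # Tuples compare numerically, so .88 sorts below .177;
            # a plain string comparison would rank .88 as newer.
            status = "patched"
        else:
            status = "vulnerable"
        results[row["host"]] = status
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have no usable version data and should be checked by hand rather than assumed patched.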