Google has announced that it has resolved a security vulnerability in its Chrome browser for Windows, which hackers have exploited to gain unauthorized access to users’ computers. In a brief statement released on Tuesday, Google confirmed the fix for the vulnerability, identified as CVE-2025-2783, which was discovered earlier this month by researchers at Kaspersky, a security firm.
The company acknowledged reports indicating that an exploit for this vulnerability is “in the wild.” This particular flaw is categorized as a zero-day because it was exploited before Google had the opportunity to address it.
Kaspersky reported that this vulnerability was exploited in a hacking campaign aimed at Windows users of Chrome. The firm labeled the operation “Operation ForumTroll” and detailed how victims were targeted with phishing emails that invited them to a supposed Russian global political summit. Clicking on a link in the email redirected victims to a malicious website that leveraged the vulnerability to access their computer data.
While Kaspersky did not provide extensive details about the flaw when the Chrome patch was announced, it noted that the flaw allowed attackers to bypass Chrome’s sandbox protections, which are designed to restrict the browser’s access to other data on a user’s device. The vulnerability also affects other browsers built on Google’s Chromium engine. In a separate assessment, Kaspersky indicated that the bug was likely part of an espionage effort aimed at stealthily monitoring and stealing data from targeted devices over time. The security firm reported that personalized phishing emails were sent to individuals in Russian media and educational institutions.
While the identity of the hackers exploiting the vulnerability remains uncertain, Kaspersky suggested that the campaign could be attributed to a state-sponsored or government-affiliated group. Web browsers like Chrome are frequently targeted by malicious hackers and government-backed entities, as zero-day vulnerabilities capable of bypassing their defenses can command high prices on the black market. In 2024, one zero-day broker was reportedly offering up to $3 million for exploitable bugs that could be triggered remotely.
Google stated that updates for Chrome will be rolled out over the next few days and weeks.