According to TechRadar , Google has just released an urgent security update for the Chrome browser, to fix the first serious zero-day vulnerability discovered in 2025. More worryingly, this vulnerability, identified as CVE-2'25-2783, has been actively exploited by hacker groups in real-world attacks, suspected to be part of a large-scale cyber espionage campaign.
Serious Chrome vulnerability exploited in sophisticated way
In its security alert, Google described the vulnerability as high severity. It allows an attacker to bypass Chrome's sandbox protection mechanism, a key step in being able to install malware and take control of a victim's computer.
A patch for the CVE-2'25-2783 vulnerability has been integrated by Google in Chrome version 134.0.6998.178. Google is currently limiting the release of technical details about the vulnerability to give users time to update and avoid being exploited more widely by hackers.
Google urgently patches serious vulnerability in Chrome browser
PHOTO: SCREENSHOT THE HACKER NEWS
The discovery and reporting of this vulnerability belongs to two security researchers Boris Larin and Igor Kuznetsov from Kaspersky. In a more detailed report, Kaspersky revealed that this Chrome vulnerability was a key link in a targeted attack campaign called 'Operation ForumTroll'.
The campaign uses sophisticated phishing emails, pretending to be invitations from the organizers of the scientific and expert forum 'Primakov Readings'. The emails target media outlets,educational institutions and government agencies in Russia. When victims click on the malicious link in the email, they are redirected to a dangerous website, from which the malware is deployed.
Kaspersky said the actors behind Operation ForumTroll also used another vulnerability to execute code remotely, but patching the Chrome vulnerability CVE-2'25-2783 was enough to break the entire infection chain. Based on the sophistication of the malware, Kaspersky believes the ultimate goal of this campaign could be cyber espionage.
With the vulnerability being actively exploited, Google Chrome users, especially on Windows operating systems, are advised to urgently check and update their browser to version 134.0.6998.178 or later.
Source: https://thanhnien.vn/google-va-khan-cap-lo-hong-nguy-hiem-tren-trinh-duyet-chrome-185250326222913819.htm
Comment (0)