Google has addressed a vulnerability in its Chrome browser for Windows, which had been exploited by malicious hackers to compromise victims’ computers.
In a brief statement released on Tuesday, Google announced the resolution of the vulnerability, identified as CVE-2025-2783, which had been discovered by security firm Kaspersky earlier this month. The company acknowledged reports indicating that an exploit for the vulnerability was active “in the wild.” The vulnerability is categorized as a “zero-day” because Google did not have time to rectify the issue before it was exploited.
According to Kaspersky, the vulnerability was used in a hacking campaign that targeted Windows users running Chrome. In a blog post, Kaspersky described this campaign as “Operation ForumTroll,” stating that victims received phishing emails purporting to invite them to a Russian global political summit. Clicking on the link within these emails directed victims to a malicious website designed to exploit the vulnerability and access their PC data.
At the time of Chrome’s patch, Kaspersky provided limited details about the vulnerability but explained that it allowed attackers to bypass Chrome’s sandbox protections, which restrict the browser’s access to other data on the user’s computer. The bug affects all browsers employing Google’s Chromium engine.
In a separate analysis, Kaspersky suggested that the vulnerability was likely used in an espionage effort aimed at covertly monitoring and extracting data from targets over time. The Russia-based firm reported that hackers had sent tailored phishing emails to representatives of the Russian media and personnel in educational institutions.
The identity of the group exploiting the vulnerability remains unclear, but Kaspersky attributed the operation to a likely state-sponsored or government-backed hacking group.
Browsers like Chrome are commonly targeted by malicious hackers and government-backed entities. Zero-day vulnerabilities, which compromise a device’s sensitive data, command high prices. In 2024, a zero-day broker was offering up to $3 million for exploitable bugs that can be triggered over the internet.
Google announced that updates to Chrome would be deployed over the following days and weeks.