Particle.news

Download on the App Store

Google Patches Critical Chrome Zero-Day Exploited in Espionage Campaign

The vulnerability, discovered by Kaspersky, was used to target Russian organizations with malware via phishing emails, prompting an emergency update for Windows users.

Image
Image
Image
Image

Overview

  • Google released an emergency update (version 134.0.6998.178) to fix CVE-2025-2783, a critical Chrome vulnerability actively exploited in the wild.
  • The vulnerability allowed attackers to bypass Chrome's sandbox protections, enabling spyware-grade malware infections without user awareness.
  • Kaspersky researchers uncovered the flaw during an investigation into 'Operation ForumTroll,' a phishing campaign targeting Russian media, educational, and government institutions.
  • The phishing campaign used personalized emails with malicious links, redirecting victims to a domain that exploited the vulnerability upon click.
  • Google has restricted full technical details until the majority of users have updated, urging immediate installation of the patch to neutralize the exploit chain.