Overview
- Google released an emergency update (version 134.0.6998.178) to fix CVE-2025-2783, a critical Chrome vulnerability actively exploited in the wild.
- The vulnerability allowed attackers to bypass Chrome's sandbox protections, enabling spyware-grade malware infections without user awareness.
- Kaspersky researchers uncovered the flaw during an investigation into 'Operation ForumTroll,' a phishing campaign targeting Russian media, educational, and government institutions.
- The phishing campaign used personalized emails with malicious links; clicking a link redirected the victim to a domain that exploited the vulnerability.
- Google has restricted full technical details until the majority of users have updated, and urges immediate installation of the patch to neutralize the exploit chain.
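
A fleet check against the fixed build named above, as an added example that is not from Google or Kaspersky: it parses inventory lines and separates hosts still below 134.0.6998.178 from patched ones and from hosts whose version could not be read. The inventory format (hostname,chrome_version), the sample rows and the function names are assumptions made for illustration.

```python
"""Flag hosts whose Chrome build predates the fix for CVE-2025-2783."""
import csv
import io

FIXED = (134, 0, 6998, 178)  # fixed version stated on this page

# Constructed sample inventory (hostname,chrome_version); not real data.
SAMPLE_INVENTORY = """\
ws-001,134.0.6998.178
ws-002,134.0.6998.99
ws-003,133.0.6943.142
ws-004,135.0.7049.42
ws-005,134.0.6998
ws-006,
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if this is not a full four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_text, fixed=FIXED):
    """Split hosts into patched, vulnerable and unknown (unparseable version)."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.reader(io.StringIO(inventory_text)):
        if not row:
            continue
        host = row[0].strip()
        version = parse_version(row[1]) if len(row) > 1 else None
        if version is None:
            # Missing or truncated versions need follow-up; never count them as safe.
            result["unknown"].append(host)
        elif version < fixed:
            # Numeric tuple comparison: a plain string compare would rank
            # "134.0.6998.99" above "134.0.6998.178" and miss ws-002.
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```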