Google Patches Critical Chrome Zero-Day Exploited in Espionage Campaign

The CVE-2025-2783 vulnerability, used in phishing attacks targeting Russian organizations, has been fixed, though a related exploit remains under investigation.

Google has released a global patch for CVE-2025-2783, a Chrome zero-day vulnerability exploited in real-world attacks, with updates available in version 134.0.6998.178 for Windows users.
The vulnerability allowed attackers to bypass Chrome's sandbox protections and deploy malware, which was used in a phishing campaign known as Operation ForumTroll.
Operation ForumTroll targeted Russian media outlets, universities, and government agencies with phishing emails posing as invitations to a political summit.
The campaign is attributed to a likely state-sponsored APT group, suggesting its primary goal was cyber espionage.
A second exploit in the attack chain, enabling remote code execution, remains unpatched and is currently under investigation by security researchers.