A serious security vulnerability has been discovered in Google Chrome. It was used in a targeted espionage campaign before being patched. Users should update update their browser without delay.
Browsing the web safely relies heavily on regular browser updates. Chrome, used by billions of people around the world, is no exception. this rule. Numerous critical vulnerabilities have been discovered in recent months. One of them, called "0.0.0.0-day," also affects Firefox and Safari and allows a hacker to access sensitive local data using a simple IP address. Another, spotted on Microsoft Edge, allowed malicious extensions to be discreetly installed without the user's knowledge. These examples are a reminder that these programs are prime targets for cyberattacks.
This is what happened recently with the CVE-2025-2783 flaw, a vulnerability deemed critical by experts. It was detected in the Mojo engine, an internal component of Chrome on Windows. According to Google, this flaw made it possible to bypass browser protection and launch malicious attacks. It was used as part of an espionage operation called Operation ForumTroll, primarily directed against organizations in Russia. A fix was deployed in Chrome versions 134.0.6998.177 and .178.
Chrome flaw CVE-2025-2783 allowed hackers to spy on their targets without them realizing it
The campaign was discovered by Kaspersky cybersecurity researchers, who noticed a wave of infections linked to new malware. According to their report, victims received well-crafted emails containing links to fake sites related to a legitimate scientific forum. Once the link was clicked, the browser was compromised without further action. The hackers could then spy on the victims' browsing habits and potentially install other tools remotely.
Kaspersky believes that this sophisticated attack could be the work of a state-sponsored group, given the technical level and precise targeting. Several malware variants have been identified. While the main flaw has been patched, Google strongly recommends making sure Chrome is up to date. Installing updates as soon as they become available remains the best way to protect against this type of vulnerability.
Source: securelist
0 Comments