Google Patches Critical Zero-Day Flaw in Chrome Amid Ongoing Cyber Threats

Google on March 25 confirmed that it had issued a vital security patch for its Chrome browser, addressing a zero-day flaw that had been actively exploited by advanced persistent threat (APT) actors in phishing attacks. The vulnerability, tracked as CVE-2025-2783, enables a sandbox escape, allowing attackers to compromise systems without additional user interaction.

Researchers from Kaspersky Lab, Boris Larin and Igor Kuznetsov, detected the flaw, which is related to an ‘incorrect handle provided in unspecified circumstances in Mojo on Windows’. Their findings were shared in a blog post where they detailed the operation dubbed ‘Operation ForumTroll’. Reportedly, victims were infected with malware immediately upon clicking compromised links in emails, which appeared to be legitimate invitations from a scientific forum called “Primakov Readings”.

As stated in their analysis, the cyberattack primarily targeted media outlets and educational institutions in Russia, leveraging personalized and time-sensitive malicious links that led directly to infection. While the details of the malware itself remain undisclosed, researchers emphasized that it was a sophisticated piece of software designed for cyberespionage, often deployed in conjunction with additional exploits capable of remote code execution.

Google’s security bulletin emphasizes the need for users to update their browsers promptly to safeguard against potential compromise. Although the exploit is reportedly inactive, with the links now redirecting to innocuous content, the persistent threat of zero-day vulnerabilities highlights the critical nature of timely updates. Users are reminded to exercise caution when engaging with unsolicited emails to prevent further exposure to such threats.