Google said it has fixed a vulnerability in its Chrome browser for Windows that malicious hackers have used to break into victims’ computers.
In a brief note on Tuesday, Google said that it fixed the vulnerability, tracked as CVE-2025-2783, that was discovered by researchers at security firm Kaspersky earlier this month.
Google said it was aware of reports that an exploit for the bug “exists in the wild.” The bug is referred to as a zero-day because the vendor — in this case, Google — was given no time to fix the bug before it was exploited.
According to Kaspersky, the bug was exploited as part of a hacking campaign targeting Windows computers running Chrome.
In a blog post, Kaspersky called the campaign “Operation ForumTroll,” and said victims were targeted with a phishing email inviting them to a Russian global political summit. When a link in the email was clicked, victims were taken to a malicious website that immediately exploits the bug to gain access to the victim’s PC data.
Kaspersky provided little detail about the bug at the time of the Chrome patch, but said that the bug allowed the attackers to bypass Chrome’s sandbox protections, which limit the browser’s access to other data on the user’s computer. Kaspersky said the bug affects all other browsers based on Google’s Chromium engine.
In a separate analysis, Kaspersky said the bug was likely used in an espionage campaign, typically designed to stealthily monitor and steal data from a target’s device, usually over a period of time. The Russia-headquartered security firm said the hackers sent personalized phishing emails to Russian media representatives and employees at educational institutions.
It’s unclear who was exploiting the bug, but Kaspersky attributed the campaign to a likely state-sponsored or government-backed group of hackers.
Browsers like Chrome are a frequent target for malicious hackers and government-backed groups. Zero-day bugs capable of breaking through their protections and into the victim’s sensitive device data can be sold at high prices. In 2024, one zero-day broker was offering up to $3 million for exploitable bugs that can be triggered from over the internet.
Google said Chrome updates will roll out over the coming days and weeks.
Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com. You can also submit files and documents securely via SecureDrop.