According to TechRadar, Google has just released an emergency security update for the Chrome browser, aiming to fix the first critical zero-day vulnerability discovered in 2025. More concerningly, this vulnerability, identified as CVE-2025-2783, has been actively exploited by hacker groups in actual attacks, suspected to be part of a large-scale cyber espionage campaign.
A critical Chrome vulnerability has been exploited in a sophisticated manner.
In its security alert, Google described the vulnerability as highly severe. It allows attackers to bypass Chrome's sandbox protection, a crucial step in installing malware and gaining control of the victim's computer.
The patch for the CVE-2025-2783 vulnerability has been integrated by Google into Chrome version 134.0.6998.178. Google is currently limiting the release of technical details about the vulnerability to give users time to update and prevent it from being exploited more widely by hackers.
Google patches critical vulnerability in Chrome browser.
PHOTO: SCREENSHOT FROM THE HACKER NEWS
The discovery and reporting of this vulnerability is credited to two security researchers, Boris Larin and Igor Kuznetsov, from Kaspersky. In a more detailed report, Kaspersky revealed that this Chrome vulnerability is a crucial link in a targeted attack campaign called 'Operation ForumTroll'.
This campaign uses sophisticated phishing emails, disguised as invitations from the organizers of the 'Primakov Readings' scientific and expert forum. The targets of these emails are media outlets, educational institutions, and government agencies in Russia. When victims click on the malicious link in the email, they are redirected to a dangerous website, from which malware is deployed.
Kaspersky stated that those behind Operation ForumTroll also exploited another vulnerability to execute remote code, but patching the Chrome vulnerability CVE-2025-2783 was sufficient to break the entire infection chain. Based on the complexity of the malware, Kaspersky believes the ultimate goal of this campaign was likely cyber espionage.
With the vulnerability being actively exploited, Google Chrome users, especially on Windows operating systems, are urgently advised to check and update their browser to version 134.0.6998.178 or later.
Source: https://thanhnien.vn/google-va-khan-cap-lo-hong-nguy-hiem-tren-trinh-duyet-chrome-185250326222913819.htm





