A major security flaw in the Google Chrome browser has put media outlets, government agencies, and educational institutions at risk of cyberattacks. The vulnerability, identified as CVE-2025-2783, was discovered by Kaspersky’s Global Research and Analysis Team (GReAT). It allowed attackers to bypass Chrome’s security protections with no user interaction beyond clicking a malicious link.
How Hackers Exploited the Flaw
According to Kaspersky, a cybercriminal group exploited this flaw as part of a campaign named “Operation ForumTroll.” Attackers sent phishing emails to targets in Russia, inviting them to join the “Primakov Readings” forum. The emails contained links that initially worked but later redirected users to the real forum, making the attack harder to detect.
The real danger of this exploit was its ability to escape Chrome’s sandbox protection, a security feature designed to prevent harmful files from affecting the entire system. Once the victim clicked the link, the exploit worked silently in the background, allowing hackers to gain unauthorised access.
Expert’s Take on the Issue
Boris Larin, a security researcher at Kaspersky, highlighted the severity of the flaw. He noted that the exploit could bypass Chrome’s usual security restrictions without triggering any immediate warning signs. “This vulnerability stands out among the dozens of zero-days we’ve discovered over the years,” Larin stated.
Kaspersky reported the issue to Google, prompting the company to release a fix. The security patch was included in Google Chrome version 134.0.6998.177/.178, which started rolling out earlier this week.
How to Stay Safe
To protect against this vulnerability, Chrome users should update their browser immediately. The update is available for Windows users, and other Chromium-based browsers are also expected to receive patches soon. Users can check for updates by going to Settings > About Chrome, where the latest version will automatically download if available.
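For administrators who need to confirm the update across many Windows machines, the version check can be scripted. The following is an added example, not code from Kaspersky or Google: it compares reported Chrome versions against the fixed build named above, component by component, so that a build such as 134.0.6998.99 is not mistaken for a newer one. The inventory format and host names are constructed for illustration, and the check does not apply to other Chromium-based browsers, which use their own version numbers.

```python
import re

# First fixed Chrome build for Windows, as stated in the article.
PATCHED = (134, 0, 6998, 177)

# A four-part dotted version that is not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(version):
    """Compare numerically per component: 6998.99 is older than 6998.177."""
    return version >= PATCHED


def audit(inventory_lines):
    """Sort 'host,reported version' lines into patched, vulnerable and unknown."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        host, _, reported = line.partition(",")
        version = parse_chrome_version(reported)
        if version is None:
            # No version could be read; treat as needing manual follow-up.
            report["unknown"].append(host.strip())
        elif is_patched(version):
            report["patched"].append(host.strip())
        else:
            report["vulnerable"].append(host.strip())
    return report


# Constructed sample inventory (hypothetical host names and line format).
SAMPLE_INVENTORY = [
    "ws-001,Google Chrome 134.0.6998.178",
    "ws-002,Google Chrome 134.0.6998.99",
    "ws-003,Google Chrome 133.0.6943.142",
    "ws-004,Google Chrome 135.0.7049.42",
    "ws-005,not installed",
    "ws-006,134.0.6998.177",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```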