A sophisticated zero-day vulnerability in Google Chrome has been discovered and patched, following a series of targeted cyberattacks dubbed "Operation ForumTroll." The security flaw, identified as CVE-2025-2783, allowed attackers to bypass Chrome's sandbox protection through a logical error between the browser and Windows operating system.
The Attack Campaign
The attack campaign began with phishing emails containing fake invitations to the Primakov Readings international forum. These emails included malicious links that, when clicked by users running Chrome or Chromium-based browsers on Windows systems, triggered an automatic infection without requiring any additional user interaction.
Technical Impact
The vulnerability allowed attackers to circumvent Chrome's built-in sandbox protection mechanisms, effectively rendering this critical security feature ineffective. Security researchers at Kaspersky, who discovered the flaw, noted its unusual sophistication, as the exploit succeeded without employing obviously malicious code.
Targeted Victims
The attack specifically targeted Russian media representatives and educational institutions, suggesting an espionage motivation. Each phishing email contained personalized links with brief activation periods, indicating a carefully planned operation.
Resolution and Patches
Google has addressed the vulnerability in Chrome version 134.0.6998.177/.178. While the attack infrastructure currently redirects to legitimate websites, security experts warn that similar attack methods could be reactivated.
Recommendations
Users and organizations should:
- Update Google Chrome immediately to version 134.0.6998.177/.178 or newer
- Implement robust security solutions with exploit detection capabilities
- Maintain vigilance against phishing attempts
- Avoid clicking suspicious links in emails
The sophisticated nature of the attack and its targeting pattern suggests involvement of a state-sponsored advanced persistent threat (APT) group, though specific attribution remains under investigation.