OP 16 April, 2026 - 04:35 AM
Google has released an emergency update for Chrome after researchers at Kaspersky discovered an actively exploited zero-day vulnerability being used in a sophisticated espionage campaign targeting media outlets, educational institutions, and government organizations.
What Happened
The vulnerability, tracked as CVE-2025-2783, was found in Mojo — Chrome's inter-process communication (IPC) framework. The flaw allowed attackers to bypass Chrome's sandbox protections entirely, enabling full system compromise simply by having a target click a malicious link.
Kaspersky researchers dubbed the campaign "Operation ForumTroll" after discovering phishing emails impersonating invitations to a legitimate international policy forum. Targets received personalized emails with short-lived links — the URLs expired almost immediately after being clicked to avoid forensic analysis.
Technical Details
- The exploit chain required no user interaction beyond clicking the link — no downloads, no additional prompts
- It bypassed Chrome's sandbox by exploiting a logic error in Mojo's handle validation between processes
- A second exploit (details still undisclosed) was chained for full remote code execution
- The attack specifically targeted Windows users running x64 Chrome builds
Who Was Targeted
The campaign was highly targeted, focusing on:
- Russian-speaking media organizations and journalists
- Educational institutions
- Government-related entities
The sophistication of the exploit and the targeting pattern suggest a state-sponsored threat actor, though no formal attribution has been made.
What You Should Do
- Update Chrome immediately to version 134.0.6998.177/.178 or later
- Enable automatic updates if you haven't already
- Be cautious of any unsolicited email links, even if they appear legitimate
- Consider using browser isolation for sensitive browsing
Why This Matters
Chrome zero-days that escape the sandbox are rare and extremely valuable — they typically sell for $500K+ on the exploit market. The fact that this one was burned on a targeted espionage campaign rather than sold commercially indicates the operators had significant resources and specific intelligence objectives.
This is the first confirmed in-the-wild Chrome zero-day of 2025, and it reinforces why keeping your browser patched is one of the most impactful things you can do for your security posture.
Source: Kaspersky SecureList, Google Chrome Releases Blog
Stay safe out there.
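The version floor from the "What You Should Do" list, applied as a fleet check over an inventory export. This is an added example, not part of the original post; the CSV layout, host names and sample version strings are constructed for illustration, and the status labels are hypothetical.

```python
import csv
import io

# First fixed build named in the post (134.0.6998.177/.178).
FIXED = (134, 0, 6998, 177)

# Constructed inventory export (assumed columns; not real data).
SAMPLE_INVENTORY = """host,os,arch,chrome_version
ws-001,Windows,x64,134.0.6998.89
ws-002,Windows,x64,134.0.6998.178
ws-003,Windows,x64,133.0.6943.142
mac-01,macOS,arm64,134.0.6998.89
ws-004,Windows,x64,135.0.7049.42
ws-005,Windows,x64,unknown
"""


def parse_version(text):
    """Return a 4-int tuple for 'a.b.c.d', or None if the string is malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(row):
    """Label one inventory row against the fixed build."""
    version = parse_version(row["chrome_version"])
    if version is None:
        return "unknown"      # cannot prove it is patched: needs a manual look
    if version >= FIXED:      # tuple comparison is numeric, field by field
        return "patched"
    # The post says the attack targeted Windows users on x64 builds.
    if row["os"].lower() == "windows" and row["arch"].lower() == "x64":
        return "exposed"
    return "outdated"         # below the floor, outside the reported target set


def audit(csv_text):
    """Group host names by status for the whole export."""
    report = {"patched": [], "exposed": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        report[classify(row)].append(row["host"])
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Comparing parsed tuples rather than raw strings matters here: a string comparison would rank build `.89` above `.177`.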