Google has fixed a vulnerability in the Chrome browser for Windows that attackers actively exploited. The issue, discovered in March by Kaspersky Lab specialists, posed a significant security risk.
Exploited Zero-Day Vulnerability
The vulnerability, identified as CVE-2025-2783, was classified as a zero-day threat since Google had not addressed it before attackers developed an exploit. It was used in a hacking campaign targeting Windows users with Chrome installed.
Kaspersky Lab dubbed this campaign “Forum Troll.” Attackers sent phishing emails inviting recipients to an international political summit. Clicking the provided link redirected victims to a malicious website that exploited the vulnerability to gain access to their data.
Security Implications and Fixes
Kaspersky Lab did not disclose the full technical details, but it confirmed that the flaw allowed attackers to bypass Chrome’s sandbox protection, which typically restricts the browser’s access to other files. The vulnerability also affected all browsers based on the Chromium engine, expanding its potential impact. Experts believe this exploit facilitated covert surveillance and data theft, notes NIXsolutions.
Google has since released a patch to fix the issue. Users are advised to update their browsers immediately to ensure protection against potential threats.