Google has patched a critical security flaw in its Chrome browser for Windows, which cybercriminals had actively exploited to infiltrate victims’ computers. The vulnerability, identified as CVE-2025-2783, was discovered earlier this month by security researchers from Kaspersky.
The flaw allowed attackers to bypass Chrome’s security measures, enabling unauthorized access to users’ data. Google confirmed that the exploit was being used by hackers before the fix was released, making it a zero-day vulnerability.
Kaspersky linked the attack to a cyber campaign called “Operation ForumTroll,” in which victims received phishing emails disguised as invitations to a Russian global political summit. Clicking on the embedded link redirected them to a malicious site that immediately exploited the Chrome bug.
The attack primarily targeted Russian media professionals and employees of educational institutions, suggesting a potential espionage operation. While the perpetrators remain unidentified, Kaspersky noted that the level of sophistication aligns with government-backed cyber activities.
Exploits like this are highly valuable in underground markets, with cybercriminals and intelligence agencies willing to pay millions for access to such vulnerabilities. Google has now released Chrome version 134.0.6998.177/.178 for Windows to address the issue.
The fix was contributed by Kaspersky researchers Boris Larin and Igor Kuznetsov, who first reported the flaw on March 20, 2025. Google has restricted full details of the vulnerability until the majority of users have received the update to prevent further exploitation.
Despite the fix, users who have not updated their browsers remain at risk. Google has urged all Chrome users to install the latest update immediately to prevent further attacks. The company also thanked security researchers for their role in identifying and mitigating such threats.
Additionally, the Extended Stable Channel has been updated to version 134.0.6998.178 to ensure security fixes for those using older Chrome versions.