Google Chrome is the most popular browser in the world, and it is used by billions of people. However, its widespread usage also makes it a prime target for bad actors who exploit various methods, such as malicious extensions, phishing links and fake websites. The latest attack involves hackers exploiting a browser vulnerability to conduct espionage. Google has acknowledged the security flaw and has released an update to fix it.
Cybersecurity researchers at Kaspersky recently discovered a sophisticated cyber espionage campaign exploiting a previously unknown vulnerability in Google Chrome. The attack was triggered when victims unknowingly clicked on a phishing link in an email, launching a malicious site in their browser. Shockingly, no further action was required. Simply opening the link was enough to infect the system.
According to Kaspersky’s report, the malware was based on a zero-day vulnerability, later identified as CVE-2025-2783. Researchers say they analyzed the exploit, reverse-engineered its logic and uncovered that it allowed attackers to bypass Chrome’s built-in security features as if they didn’t exist.
The vulnerability exploited Chrome’s inter-process communication framework, known as Mojo, which is crucial for the browser’s functionality. This allowed the attackers to execute malicious code across different processes within Chrome, effectively bypassing its security measures.
“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” Kaspersky noted.
The cybersecurity team also highlighted the stealthy nature of the attack, which primarily targeted media professionals, educational institutions and government agencies. Dubbed “Operation ForumTroll,” the campaign appeared to have espionage as its primary goal.
CLICKFIX MALWARE TRICKS YOU INTO INFECTING YOUR OWN WINDOWS PC
Once Kaspersky reported the vulnerability, Google released an emergency fix. The company has updated Chrome’s Stable channel for Windows, with the update gradually rolling out to users over the next few days and weeks. Meanwhile, the Extended Stable channel has also been updated.
As with most security updates, Google is keeping the details under wraps until the majority of users have installed the fix. This is a standard precaution to prevent other hackers from exploiting the flaw, while some users are still unprotected. If the bug also affects third-party software, Google will continue restricting details until those platforms release their own patches.
HACKED CHROME EXTENSIONS PUT 2.6 MILLION USERS AT RISK OF DATA LEAK
While the malware is affecting the Windows version of Google Chrome, it’s a good idea for everyone who uses Google Chrome to update their browsers. Below, we’ve listed steps to update the browser on Windows and other devices. To learn more about how to update other browsers like Safari, see my guide here.
Windows
Settings may vary depending on your Android phone’s manufacturer.
OUTSMART HACKERS WHO ARE OUT TO STEAL YOUR IDENTITY
While updating Chrome should fix the vulnerability, below are some security tips you can follow to further bolster your privacy and security.
1) Have strong antivirus software: Hackers often gain access to devices by sending infected emails or documents or by tricking you into clicking a link that downloads malware. You can avoid all of this by installing strong antivirus software that will detect any potential threat before it can take over your device. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Enable two-factor authentication (2FA): Many online accounts, including Google, offer two-factor authentication as an extra security measure. Enabling 2FA ensures that even if a hacker obtains your password, they still need a second form of verification, such as a code sent to your phone, to access your account. This simple step significantly reduces the chances of unauthorized access.
3) Use a secure password manager: A strong password is crucial, but remembering multiple complex passwords can be difficult. A password manager generates, stores and autofills strong passwords for your accounts, reducing the risk of password-related breaches. Avoid using the same password across different sites and always opt for long, unique passwords. Get more details about my best expert-reviewed password managers of 2025 here.
This incident serves as yet another reminder that even the most secure systems are never truly invulnerable, especially when state-backed or highly skilled actors are in play. While Google’s quick response is commendable, it also highlights the never-ending cat-and-mouse game between security teams and cybercriminals. If you are using Chrome, update it now.
Do you think Google is doing enough to protect users from security threats? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
