Google said that it has solved a vulnerability in his Chrome browser for Windows who used malignant hackers to break into the computers of victims.
In one Brief comment On Tuesday, Google said it has determined the vulnerability, Stopped as CVE-2025-2783This was discovered by researchers from security company Kaspersky earlier this month.
Google said it was aware of reports that an exploit for the bug ‘exists in the wild’. The bug is called a zero-day because the seller-in this case was Google-no time to repair the bug before it was exploited.
According to Kaspersky, the bug was operated as part of a hacking campaign aimed at Windows computers with Chrome.
In A blog postKaspersky called the campaign ‘Operation forumtroll’, and said that victims were the target of a phishing -e -mail that invited them to a Russian global political top. When a link in the e -mail was clicked, victims were brought to a malignant website who immediately operates the bug to gain access to the PC data of the victim.
Kaspersky Bood little detail About the bug at the time of the Chrome patch, but said that the bug allowed the attackers to bypass the Sandbox protection of Chrome, which limit access from the browser to other data on the user’s computer. Kaspersky said the bug influences all other browsers based on the Google chrome engine.
In A separate analysisKaspersky said the bug was probably used in a espionage campaign, usually designed to highlight and steal data from the device of a target, usually for a certain period. The security company-acted by Russia said that the hackers have sent personalized phishing e-mails to Russian media representatives and employees at educational institutions.
It is unclear who exploited the bug, but Kaspersky attributed the campaign to a likely group sponsored by the state or group of hackers supported by the government.
Browsers such as Chrome are a frequent target for malignant hackers and groups supported by the government. Zero-Day Bugs can break through their protection and in the sensitive device data of the victim can be sold at high prices. In 2024, a broker with zero days up to $ 3 million offered for exploitable bugs that can be activated via the internet.
Google said Chrome updates will be rolled out in the coming days and weeks.