Ethical Hacking News
Google has patched a critical Chrome zero-day exploit used in espionage campaigns targeting Russian organizations, bringing some relief to users. The vulnerability, identified as CVE-2025-2783, allowed attackers to bypass sandbox protections and deploy malware, raising concerns about the potential for widespread cyber-attacks.
Google has patched a critical zero-day vulnerability (CVE-2025-2783) in the Chrome browser that was being exploited in espionage campaigns targeting Russian organizations. The vulnerability allowed attackers to escape the browser's sandbox and deploy malware, raising concerns about widespread cyber-attacks. The exploit was used in a phishing email campaign called Operation ForumTroll targeting Russian organizations. Google has taken steps to rectify the issue with a patch that disables the entire exploit chain and blocks potential attacks. Cybersecurity experts emphasize the importance of keeping software up to date and monitoring for suspicious activity in light of this incident.
Google has taken swift action to address a critical zero-day vulnerability in its Chrome browser that was being exploited by hackers in sophisticated espionage campaigns targeting Russian organizations. The vulnerability, identified as CVE-2025-2783, allowed attackers to escape the browser's sandbox and deploy malware, raising concerns about the potential for widespread cyber-attacks.
The discovery of this critical vulnerability was attributed to researchers at Kaspersky, who described it as an "incorrect handle provided in unspecified circumstances in Mojo on Windows." The company subsequently released a security advisory and patched versions of Chrome that addressed the vulnerability.
Google has acknowledged that an exploit for CVE-2025-2783 exists in the wild and has taken steps to rectify the issue. The patch was released to users in the Stable Desktop channel and includes a fix for Windows users (134.0.6998.178). Although the update was rolling out over time, it was available immediately when BleepingComputer checked for updates.
While Google has provided limited details regarding the specific attacks that utilized this exploit, Kaspersky researchers have shed more light on the situation. They reported that attackers were using phishing emails to redirect victims to a suspicious domain called primakovreadings[.]info as part of Operation ForumTroll, a cyber-espionage campaign targeting Russian organizations.
The attackers exploited CVE-2025-2783 to bypass Chrome sandbox protections and infect targets with sophisticated malware. Additionally, researchers discovered that the attackers employed another exploit that enabled remote code execution on compromised systems.
The malicious emails sent as part of Operation ForumTroll were invitations from the organizers of a supposedly scientific and expert forum called "Primakov Readings." These messages targeted media outlets, educational institutions, and government organizations in Russia, indicating the scope and potential impact of this cyber-espionage campaign.
Google's patch for Chrome has effectively disabled the entire exploit chain and blocked potential attacks. This development marks the first Chrome zero-day patched since the start of 2025, following a string of high-severity vulnerabilities addressed by Google last year.
In light of this incident, cybersecurity experts emphasize the importance of keeping software up to date and vigilantly monitoring for suspicious activity. The vulnerability highlighted by Kaspersky and exploited by hackers in Operation ForumTroll serves as a stark reminder of the ever-evolving nature of cyber threats and the need for robust security measures to protect against them.
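The two checks the article recommends (patch status and monitoring) can be run against a fleet as shown in this added example, which is not from Google, Kaspersky or the original article. It flags Windows hosts whose Chrome build is older than the fixed 134.0.6998.178 and lists clients that resolved the campaign domain. The inventory tuples, the three-column DNS log format and all host names and addresses are constructed assumptions.

```python
import re

FIXED_WINDOWS = (134, 0, 6998, 178)  # fixed Windows build named in the article
# The article gives the domain defanged; refang it only for matching.
IOC_DOMAIN = "primakovreadings[.]info".replace("[.]", ".")

def parse_version(text):
    """Return a four-part Chrome version as a tuple of ints, or None if malformed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def unpatched_hosts(inventory):
    """Windows hosts running a build below the fix, or reporting an unparseable version."""
    flagged = []
    for host, os_name, version in inventory:
        if os_name.lower() != "windows":
            continue  # the article names a fixed build for Windows only
        parsed = parse_version(version)
        if parsed is None or parsed < FIXED_WINDOWS:
            flagged.append(host)  # unknown versions are treated as unpatched
    return flagged

def hosts_contacting_ioc(dns_log_lines):
    """Clients that queried the campaign domain or any subdomain of it."""
    hits = set()
    for line in dns_log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines instead of failing the whole scan
        client, qname = fields[1], fields[2].lower().rstrip(".")
        # Anchor on a label boundary so look-alike suffixes do not match.
        if qname == IOC_DOMAIN or qname.endswith("." + IOC_DOMAIN):
            hits.add(client)
    return sorted(hits)

# Constructed sample data (assumed formats, not real telemetry).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "134.0.6998.118"),
    ("ws-02", "Windows", "134.0.6998.178"),
    ("ws-03", "macOS", "134.0.6998.100"),
    ("ws-04", "Windows", "unknown"),
    ("ws-05", "Windows", "135.0.7000.10"),
]
SAMPLE_DNS_LOG = [
    f"2025-03-26T08:00:01Z 10.0.0.5 {IOC_DOMAIN}.",
    "2025-03-26T08:00:02Z 10.0.0.6 example.org",
    f"2025-03-26T08:00:03Z 10.0.0.7 WWW.{IOC_DOMAIN.upper()}",
    f"2025-03-26T08:00:04Z 10.0.0.8 not{IOC_DOMAIN}",
    "malformed",
]
```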
Related Information:
https://www.ethicalhackingnews.com/articles/Google-Fixes-Critical-Chrome-Zero-Day-Exploit-Used-in-Espionage-Campaigns-ehn.shtml
https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-exploited-in-espionage-campaign/
https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html
https://nvd.nist.gov/vuln/detail/CVE-2025-2783
https://www.cvedetails.com/cve/CVE-2025-2783/
https://www.kaspersky.com/blog/forum-troll-apt-with-zero-day-vulnerability/53215/
https://ics-cert.kaspersky.com/publications/reports/2025/03/25/apt-and-financial-attacks-on-industrial-organizations-in-q4-2024/
Published: Wed Mar 26 02:46:11 2025 by llama3.2 3B Q4_K_M