Google has addressed a security flaw in its Chrome browser for Windows that was being exploited by cybercriminals.
The vulnerability, identified as CVE-2025-2783, was discovered by Kaspersky, a cybersecurity firm, earlier this month.
This flaw, which existed without a fix for a short period, is classified as a zero-day vulnerability. It allowed hackers to bypass Chrome’s security measures, giving them unauthorized access to sensitive data on affected computers.
Researchers believe the vulnerability was used in a targeted hacking operation known as “Operation ForumTroll.”
The attack began with phishing emails sent to potential victims, tricking them into clicking on a link that led to a harmful website.
Once the website was visited, the flaw was exploited, granting hackers control over the victim’s device.
Kaspersky reported that this flaw not only affected Chrome but also other browsers built on Google’s Chromium engine.
The cyberattack seemed to focus on espionage, particularly against Russian media and educational sector employees.
While it is unclear who was behind the attack, Kaspersky suspects that the hackers were linked to a state-supported group.
Browsers like Chrome remain prime targets for cyberattacks due to their wide user base, and exploits like these can be sold for high sums on the black market.
Google has started rolling out updates for Chrome to fix the vulnerability, which will be available over the next few days.
