Hackers using secret method to attack Chrome, Kaspersky finds

Kaspersky has identified and helped patch a sophisticated zero-day vulnerability in Google Chrome (CVE-2025-2783) that allowed attackers to bypass the browser’s sandbox protection system. The exploit, discovered by Kaspersky’s Global Research and Analysis Team (GReAT), required no user interaction beyond clicking a malicious link and demonstrated exceptional technical complexity. Kaspersky researchers have been acknowledged by Google for discovering and reporting this vulnerability.

In mid-March 2025, Kaspersky detected a wave of infections triggered when users clicked personalized phishing links delivered via email. After clicking, no additional action was needed to compromise their systems. Once Kaspersky’s analysis confirmed that the exploit leveraged a previously unknown vulnerability in the latest version of Google Chrome, Kaspersky swiftly alerted Google’s security team. A security patch for the vulnerability was released on March 25, 2025.

Kaspersky researchers dubbed the campaign “Operation ForumTroll”, as attackers sent personalized phishing emails inviting recipients to the “Primakov Readings” forum. These lures targeted media outlets, educational institutions, and government organizations in Russia. The malicious links were extremely short-lived to evade detection, and in most cases ultimately redirected to the legitimate website for “Primakov Readings” once the exploit was taken down.

The zero-day vulnerability in Chrome was only part of a chain that included at least two exploits: a still-unobtained remote code execution (RCE) exploit that apparently launched the attack, and the sandbox escape discovered by Kaspersky, which constituted the second stage. Analysis of the malware’s functionality suggests the operation was designed primarily for espionage. All evidence points to an Advanced Persistent Threat (APT) group.

“This vulnerability stands out among the dozens of zero-days we’ve discovered over the years,” said Boris Larin, principal security researcher at Kaspersky GReAT. “The exploit bypassed Chrome’s sandbox protection without performing any obviously malicious operations – it’s as if the security boundary simply didn’t exist. The technical sophistication displayed here indicates development by highly skilled actors with substantial resources. We strongly advise all users to update their Google Chrome and any Chromium-based browser to the latest version to protect against this vulnerability.”

Google has credited Kaspersky for uncovering and reporting the issue, reflecting the company’s ongoing commitment to collaboration with the global cybersecurity community and ensuring user safety. 

Kaspersky continues to investigate Operation ForumTroll. Further details, including a technical analysis of the exploits and malicious payload, will be released in a forthcoming report once Google Chrome user security is assured. Meanwhile, all Kaspersky products detect and protect against this exploit chain and associated malware, ensuring users are shielded from the threat.

Kaspersky Next EDR Expert, a core component of the comprehensive Kaspersky Next XDR (Extended Detection and Response) Expert platform, played a crucial role in detecting a wave of infections caused by previously unknown, highly sophisticated malware. Our exploit detection and protection technologies swiftly identified a zero-day exploit before it became publicly known, enabling us to thoroughly analyze its behavior and impact.

This discovery follows Kaspersky GReAT’s previous identification of another Chrome zero-day (CVE-2024-4947), which was exploited last year by the Lazarus APT group in a cryptocurrency theft campaign. In that case, Kaspersky researchers found a type confusion bug in Google’s V8 JavaScript engine that enabled attackers to bypass security features through a fake cryptogame website.

To safeguard against sophisticated attacks like these, Kaspersky security experts recommend implementing these key protective measures:

  • Ensure timely software updates: Regularly patch your operating system and browsers—especially Google Chrome—so attackers cannot exploit newly discovered vulnerabilities.
  • Adopt a multi-layered security approach: Along with endpoint protection, consider solutions like Kaspersky Next XDR Expert that leverage AI/ML to correlate data from multiple sources and automate detection and response against advanced threats and APT campaigns.
  • Leverage threat intelligence services: Up-to-date, contextual information—such as Kaspersky Threat Intelligence—helps you stay informed about emerging zero-day exploits and the latest attacker techniques.
