Summary: Google has released a patch for a critical vulnerability (CVE-2025-2783) in its Chrome browser that was exploited in a state-sponsored cyberespionage campaign. Kaspersky identified this vulnerability as part of a sophisticated attack targeting Russian organizations, utilizing drive-by downloads through phishing techniques. The patch was expedited following the discovery of a sandbox escape flaw that compromised Chrome’s security measures.
Affected: Google Chrome
Keypoints :
- Vulnerability CVE-2025-2783 exploited by nation-state actors in a cyberespionage campaign dubbed Operation ForumTroll.
- Attackers used phishing emails to lure victims into clicking malicious links, leading to system compromise.
- Initial zero-day exploit bypassed Chrome’s sandbox, indicating a logical error at the intersection with the Windows OS.
Source: https://www.securityweek.com/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky/