In March 2025, Google addressed a significant security vulnerability in its Chrome browser for Windows, identified as CVE-2025-2783. This high-severity flaw was actively exploited in sophisticated cyberattacks targeting Russian entities. The vulnerability involved incorrect handle management within Mojo, a set of runtime libraries facilitating inter-process communication in Chrome. Exploitation of this flaw allowed attackers to bypass Chrome’s sandbox protections, leading to potential remote code execution.
The attacks were part of a campaign dubbed Operation ForumTroll, uncovered by Kaspersky researchers Boris Larin and Igor Kuznetsov. Victims received phishing emails containing links to malicious websites. Upon clicking these links in Chrome, the exploit was triggered without further user interaction. The phishing emails impersonated invitations from the Primakov Readings, a legitimate scientific forum, and targeted media outlets, educational institutions, and government organizations in Russia.
Google promptly released an out-of-band update to mitigate this vulnerability, urging users to update to Chrome version 134.0.6998.177/.178. Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, were also advised to apply the necessary updates as they became available.
This incident underscores the critical importance of timely software updates and vigilance against phishing attempts. Organizations are encouraged to implement robust cybersecurity measures, including regular software updates, employee training on recognizing phishing schemes, and the use of multi-factor authentication to enhance security postures.
