Kaspersky found and helped fix a serious zero-day vulnerability in Google Chrome (CVE-2025-2783) that let attackers get around the browser’s sandbox protection. Discovered by Kaspersky’s Global Research and Analysis Team (GReAT), the exploit required users to only click a malicious link and was technically complex. Google has recognized Kaspersky researchers for identifying and reporting this issue.
In mid-March 2025, Kaspersky detected a wave of infections from personalized phishing links in emails. Clicking these links compromised users’ systems without any further action. After confirming a new vulnerability in Google Chrome, Kaspersky promptly alerted Google’s security team, leading to a patch release on March 25, 2025.
Kaspersky researchers named the campaign “Operation ForumTroll,” where attackers sent phishing emails inviting recipients to the “Primakov Readings” forum, targeting media outlets, educational institutions, and government organizations in Russia. Malicious links were short-lived to evade detection, often redirecting to the legitimate “Primakov Readings” website after the exploit was taken down.
The attack utilized a zero-day vulnerability in Chrome, part of a chain with two exploits: an unobtained remote code execution (RCE) exploit and a sandbox escape discovered by Kaspersky. The malware analysis indicates the operation was primarily for espionage, linked to an Advanced Persistent Threat (APT) group.
“This vulnerability stands out among the dozens of zero-days we’ve discovered over the years,” said Boris Larin, principal security researcher at Kaspersky GReAT. “The exploit bypassed Chrome’s sandbox protection without performing any obviously malicious operations – it’s as if the security boundary simply didn’t exist. The technical sophistication displayed here indicates development by highly skilled actors with substantial resources. We strongly advise all users to update their Google Chrome and any Chromium-based browser to the latest version to protect against this vulnerability.”
Google acknowledged Kaspersky for identifying a security issue, highlighting its partnership with the cybersecurity community to enhance user safety. Kaspersky is further investigating Operation ForumTroll and will provide detailed technical insights in a future report once Google Chrome’s user security is confirmed. Meanwhile, Kaspersky products are equipped to detect and protect against the exploit chain and related malware, safeguarding users from potential threats.
Kaspersky Next EDR Expert, part of the Kaspersky Next XDR platform, was essential in identifying a new wave of infections from sophisticated malware, quickly detecting a zero-day exploit before public knowledge, which allowed for detailed analysis of its behavior and impact.
This discovery comes after Kaspersky GReAT identified another Chrome zero-day (CVE-2024-4947) that the Lazarus APT group exploited last year in a cryptocurrency theft. Kaspersky researchers found a bug in Google’s V8 JavaScript engine that allowed attackers to bypass security features via a fake cryptogame website.
To safeguard against sophisticated attacks like these, Kaspersky security experts recommend implementing these key protective measures:
- Ensure timely software updates: Regularly patch your operating system and browsers—especially Google Chrome—so attackers cannot exploit newly discovered vulnerabilities.
- Adopt a multi-layered security approach: Along with endpoint protection, consider solutions like Kaspersky Next XDR Expert that leverage AI/ML to correlate data from multiple sources and automate detection and response against advanced threats and APT campaigns.
- Leverage threat intelligence services: Up-to-date, contextual information—such as Kaspersky Threat Intelligence—helps you stay informed about emerging zero-day exploits and the latest attacker techniques.