Google Patches Chrome Zero-Day Vulnerability Used In Espionage Campaign


The cybersecurity firm Kaspersky has discovered a new vulnerability in Google Chrome. Google has confirmed the threat and issued an update that includes a security fix. According to experts, attackers targeted Russian journalists and educators for espionage purposes.

In a rush? Here are the quick facts:

  • A new Chrome zero-day vulnerability, CVE-2025-2783, was found and patched after Kaspersky reported targeted attacks.
  • Russian journalists and educators were targeted using phishing links tied to a fake conference invite.
  • Windows users are encouraged to update Chrome to version 134.0.6998.177/.178.

Kaspersky shared a document on Tuesday with more details of the vulnerability, named CVE-2025-2783. Its Global Research and Analysis Team identified a wave of sophisticated malware attacks conducted by a state-sponsored APT group that exploited a zero-day vulnerability in Chrome.

“We immediately reported to Google; the company promptly released a patch to fix it,” states the announcement. “It’s too early to talk about technical details, but the essence of the vulnerability comes down to an error in logic at the intersection of Chrome and the Windows operating system that allows bypassing the browser’s sandbox protection.”

Kaspersky explained that Russian users from educational institutions and media professionals received a fake invitation to the Primakov Readings international economic and political science forum that included personalized phishing links. The URLs redirected users to a legitimate Primakov Readings website, but malicious actors could change the behavior of the links to start a new attack at any time.

Google thanked Kaspersky’s team for the quick notice and assured that the threat has been managed. “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” wrote Google. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.”

Windows users are encouraged to update Chrome to version 134.0.6998.177/.178 to avoid similar attacks.

A few days ago, Microsoft warned users about StilachiRAT malware used on Google Chrome extensions to access cryptocurrency wallets.
