Another day, another Chrome vulnerability. Google just squashed a high-severity zero-day flaw (CVE-2025-2783) that was actively exploited in the wild—because why wait for patches when you can hack now? The bug, a messy Mojo handle issue on Windows, let attackers bust out of Chrome’s sandbox and deploy malware. Classy.
Operation ForumTroll: Phishing with a Side of Espionage
Kaspersky researchers uncovered the flaw while tracking a “spike in infections” targeting Russian orgs. The attack chain? Phishing emails → fake “Primakov Readings” forum invites → malicious site → boom, sandbox escape. Dubbed Operation ForumTroll, the campaign’s goal was likely espionage—because nothing says “diplomacy” like stealth malware.
Good news: Updating to Chrome 134.0.6998.178 breaks the attack. Bad news: If you’re still on an older version, you’re basically holding a “Hack Me” sign.
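To find the machines still holding that sign, here is an added example (not code from Google or Kaspersky) that triages a host inventory against the fixed build 134.0.6998.178. The inventory layout, hostnames and sample versions are constructed assumptions.

```python
# Added example: triage a browser inventory against the fixed Chrome build.
FIXED = "134.0.6998.178"  # fixed version named in the article

def parse_version(text):
    """Return a four-part Chrome version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(os_name, version, fixed=FIXED):
    """Classify one host: 'not-windows', 'unknown', 'vulnerable' or 'patched'."""
    if os_name.strip().lower() != "windows":
        return "not-windows"  # the article describes the flaw on Windows
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # unparseable version: check by hand, never assume patched
    # Tuple comparison is numeric per component. Comparing the raw strings
    # would wrongly rank "134.0.6998.95" above "134.0.6998.178".
    return "patched" if parsed >= parse_version(fixed) else "vulnerable"

def triage(inventory):
    """Map each status to the sorted list of hostnames that fall under it."""
    result = {}
    for host, os_name, version in inventory:
        result.setdefault(classify(os_name, version), []).append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "Windows", "134.0.6998.178"),
    ("ws-02", "Windows", "134.0.6998.95"),
    ("ws-03", "Windows", "133.0.6943.142"),
    ("ws-04", "Windows", "135.0.7049.41"),
    ("ws-05", "Windows", ""),
    ("mac-01", "macOS", "134.0.6998.89"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unknown` need a manual look, since a missing or mangled version string says nothing about patch state.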
Google’s Vague Defense (and Kaspersky’s Heroics)
Google’s advisory was typically cryptic—no details on victims or attackers, just a shoutout to Kaspersky’s Boris Larin and Igor Kuznetsov. Meanwhile, Kaspersky revealed the hackers also leveraged a separate RCE flaw. Efficiency!
Bottom line: Update Chrome. Today. Or risk becoming part of someone’s cyber-espionage fanfic.