Google Chrome Update Fixes Zero-Day Security Flaw That Targeted Media, Government and Educational Institutions

The high-risk security flaw affects Google Chrome for Windows, and doesn't require any user interaction.

Written by David Delima | Updated: 28 March 2025 12:47 IST

Highlights

Google has fixed a flaw that allows attackers to bypass its security
The exploit would be triggered once a user clicked on a phishing link
Google has credited Kaspersky with detecting the security flaw

Google Chrome Update Fixes Zero-Day Security Flaw That Targeted Media, Government and Educational Institutions

Chrome users on Windows PCs should update to the latest version that patches the flaw

Photo Credit: Unsplash/ @firmbee

Google has fixed a serious security vulnerability affecting its Google Chrome browser, that allowed attackers to bypass its security features. The flaw was discovered by Kaspersky's Global Research and Analysis Team (GReAT), and was reportedly used to target media outlets, educational institutions, and government organisations. Google Chrome users should update their browser in order to remain protected against the vulnerability, and other Chromium-based browsers are also expected to receive an update that resolves the issue in the coming days.

Attackers Sent Personalised Phishing Emails as Part of 'Operation ForumTroll'

According to details shared by the security firm, an advanced persistent threat (APT) group is suspected to have run a campaign dubbed Operation ForumTroll to take advantage of a zero-day (previously unknown, undetected) vulnerability in Google Chrome for Windows, identifed as CVE-2025-2783.

The attackers would send personalised phishing emails to persons from media outlets, educational institutions, and government organisations located in Russia. These emails would invite them to join the “Primakov Readings” forum. Kaspersky claims that the links would expire quickly, and would eventually send users to the real forum.

Malicious Machine Learning Models Discovered on Hugging Face: Report

What is most notable about the security exploit is that it allowed an attacker to use a maliciously crafted file to escape the sandbox protection system on Google Chrome. The security flaw impacted Google Chrome on Windows, and did not require users to interact with the malware in any way, after they clicked on the link.

Boris Larin, principal security researcher at Kaspersky GReAT, explains that the exploit managed to completely disregard Chrome's security boundaries, and without triggering any obvious malicious actions. “This vulnerability stands out among the dozens of zero-days we've discovered over the years,” he added.

The security firm disclosed the vulnerability to Google, and a patch for the CVE-2025-2783 vulnerability was included with the update to Google Chrome for Windows 134.0.6998.177 /.178, which began rolling out on Tuesday. Google has credited Kaspersky with discovering the vulnerability and users should update their browser to remain protected against the flaw.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.