Kaspersky has identified and helped patch a sophisticated zero-day vulnerability in Google Chrome (CVE-2025-2783) that allowed attackers to bypass the browser’s sandbox protection system. The exploit, discovered by Kaspersky’s Global Research and Analysis Team (GReAT), required no user interaction beyond clicking a malicious link and demonstrated exceptional technical complexity. Kaspersky researchers have been acknowledged by Google for discovering and reporting this vulnerability.
In mid-March 2025, Kaspersky detected a wave of infections triggered when users clicked personalized phishing links delivered via email. After clicking, no additional action was needed to compromise their systems. Once Kaspersky’s analysis confirmed that the exploit leveraged a previously unknown vulnerability in the latest version of Google Chrome, Kaspersky swiftly alerted Google’s security team. A security patch for the vulnerability was released on March 25, 2025.
Kaspersky researchers dubbed the campaign “Operation ForumTroll”, as attackers sent personalized phishing emails inviting recipients to the “Primakov Readings” forum. These lures targeted media outlets, educational institutions, and government organizations in Russia. The malicious links were extremely short-lived to evade detection, and in most cases ultimately redirected to the legitimate website for “Primakov Readings” once the exploit was taken down.
The zero-day vulnerability in Chrome was only part of a chain that included at least two exploits: a still-unobtained remote code execution (RCE) exploit that apparently launched the attack, and the sandbox escape discovered by Kaspersky, which constituted the second stage. Analysis of the malware’s functionality suggests the operation was designed primarily for espionage. All evidence points to an Advanced Persistent Threat (APT) group.
“This vulnerability stands out among the dozens of zero-days we’ve discovered over the years,” said Boris Larin, principal security researcher at Kaspersky GReAT. “The exploit bypassed Chrome’s sandbox protection without performing any obviously malicious operations – it’s as if the security boundary simply didn’t exist. The technical sophistication displayed here indicates development by highly skilled actors with substantial resources. We strongly advise all users to update their Google Chrome and any Chromium-based browser to the latest version to protect against this vulnerability.”
Google has credited Kaspersky for uncovering and reporting the issue, reflecting the company’s ongoing commitment to collaboration with the global cybersecurity community and ensuring user safety.
Kaspersky continues to investigate Operation ForumTroll. Further details, including a technical analysis of the exploits and malicious payload, will be released in a forthcoming report once Google Chrome user security is assured. Meanwhile, all Kaspersky products detect and protect against this exploit chain and associated malware, ensuring users are shielded from the threat.
Kaspersky Next EDR Expert, a core component of the comprehensive Kaspersky Next XDR (Extended Detection and Response) Expert platform, played a crucial role in detecting a wave of infections caused by previously unknown, highly sophisticated malware. Our exploit detection and protection technologies swiftly identified a zero-day exploit before it became publicly known, enabling us to thoroughly analyze its behavior and impact.
This discovery follows Kaspersky GReAT’s previous identification of another Chrome zero-day (CVE-2024-4947), which was exploited last year by the Lazarus APT group in a cryptocurrency theft campaign. In that case, Kaspersky researchers found a type confusion bug in Google’s V8 JavaScript engine that enabled attackers to bypass security features through a fake cryptogame website.
To safeguard against sophisticated attacks like these, Kaspersky security experts recommend implementing these key protective measures:
- Ensure timely software updates: Regularly patch your operating system and browsers—especially Google Chrome—so attackers cannot exploit newly discovered vulnerabilities.
- Adopt a multi-layered security approach: Along with endpoint protection, consider solutions like Kaspersky Next XDR Expert that leverage AI/ML to correlate data from multiple sources and automate detection and response against advanced threats and APT campaigns.
- Leverage threat intelligence services: Up-to-date, contextual information—such as Kaspersky Threat Intelligence—helps you stay informed about emerging zero-day exploits and the latest attacker techniques.
About the Global Research & Analysis Team
Established in 2008, Global Research & Analysis Team (GReAT) operates at the very heart of Kaspersky, uncovering APTs, cyber-espionage campaigns, major malware, ransomware and underground cyber-criminal trends across the world. Today GReAT consists of 30+ experts working globally – in Europe, Russia, Latin America, Asia and the Middle East. Talented security professionals provide company leadership in anti-malware research and innovation, bringing unrivaled expertise, passion and curiosity to the discovery and analysis of cyberthreats.