Google fixes security flaw in Chrome browser

Google announced it has patched a security flaw in its Chrome browser for Windows that was exploited by malicious hackers to compromise victims' devices.

In a brief statement released Tuesday, Google said it had patched the vulnerability identified as CVE-2025-2783, discovered earlier this month by researchers at the cybersecurity firm Kaspersky.

Google said it was aware of reports that the flaw had been actively exploited. The vulnerability is considered a zero-day because it was exploited before the company had time to patch it.

According to Kaspersky, this flaw was used as part of a hacking campaign targeting Windows computers running Chrome.

In a blog post, Kaspersky dubbed the campaign Operation ForumTroll, stating that victims were targeted by a phishing email inviting them to attend an international political summit in Russia.

By clicking on the link in the message, victims were redirected to a malicious website that immediately exploited the vulnerability to access data on the targeted device.

Kaspersky did not provide many technical details about the flaw at the time of the Chrome patch release, but said it allowed attackers to bypass Chrome's protections, which are designed to limit the browser's access to other data on the device.

The Russian cybersecurity company also clarified that the flaw affected all browsers based on Google's Chromium engine.

In a separate analysis, Kaspersky assessed that the flaw was used in an espionage campaign intended to surreptitiously monitor victims and steal data over an extended period.

The hackers sent personalized phishing emails to Russian media representatives and employees of educational institutions.

The exact identity of those responsible for exploiting this vulnerability remains unknown, but Kaspersky attributes the campaign to a hacking group likely sponsored or supported by a state.

Browsers like Chrome are common targets for malicious hackers and government-backed groups.

Zero-day vulnerabilities, capable of bypassing protections and accessing sensitive data on a device, can fetch very high prices.

In 2024, a zero-day broker was offering up to $3 million for vulnerabilities that could be exploited remotely over the internet.

Google has announced that Chrome updates will be rolling out in the coming days and weeks.