Google said it has fixed a vulnerability in the Chrome browser for Windows that a malicious hacker used to break into a victim's computer.
In a brief note on Tuesday, Google said it had fixed a vulnerability tracked as CVE-2025-2783. The bug was discovered earlier this month by researchers at the security company Kaspersky.
Google said it is aware of reports that an exploit for the bug exists "in the wild." The bug is called a zero-day because the vendor (in this case Google) was not given time to fix the bug before it was exploited.
According to Kaspersky, the bug was exploited as part of a hacking campaign targeting Windows computers running Chrome.
In a blog post, Kaspersky called the campaign "Operation Forum Troll" and said the victim was targeted with a phishing email inviting them to Russia's Global Politics Summit. When the link in the email was clicked, the victim was taken to a malicious website that immediately exploited the bug to access the victim's PC data.
Kaspersky provided little detail about the bug at the time of the Chrome patch, but the bug allowed attackers to bypass Chrome's sandbox protection, which restricts the browser's access to other data on the user's computer. According to Kaspersky, the bug affects all other browsers based on Google's Chromium engine.
In a separate analysis, Kaspersky said the bug is likely to be used in espionage campaigns, which are usually designed to stealthily steal data from the target device. The Russia-based security company said the hackers sent personalized phishing emails to Russian media representatives and employees at educational institutions.
It is unclear who is exploiting the bug, but Kaspersky attributed the campaign to a state-sponsored or government-sponsored group of hackers.
Browsers like Chrome are frequent targets of malicious hackers and government-backed groups. Zero-day bugs that can break through a browser's protections and reach victims' confidential device data can be sold at a high price. In 2024, a zero-day broker offered up to $3 million for exploitable bugs that could be triggered from the internet.
Google said Chrome updates will be rolled out in the coming days and weeks.