While most users were casually browsing the web, a sophisticated espionage campaign was silently targeting Russian organizations through a dangerous Chrome vulnerability. Google just patched this high-severity security flaw, tracked as CVE-2025-2783, in Chrome version 134.0.6998.177/.178. It’s the first actively exploited Chrome zero-day of 2025, and boy, it’s a doozy.
Security analysts uncovered a sophisticated espionage campaign targeting Russian organizations through a critical Chrome vulnerability that Google just patched.
Kaspersky researchers Boris Larin and Igor Kuznetsov spotted the attacks in mid-March. They dubbed it “Operation ForumTroll” because, well, the attackers were sending personalized phishing emails inviting targets to the “Primakov Readings” forum. Click the link, and you’re compromised. No further action needed. How convenient.
The exploit is technically sophisticated and targeted, bypassing Chrome’s sandbox protection with ease. It’s not your average script kiddie operation. The attackers went after media outlets, educational institutions, and government organizations in Russia specifically. Their goal? Classic espionage. Nothing new under the sun there.
What makes this attack special is its technical complexity. The exploit chain included at least two components – a remote code execution exploit and a Chrome sandbox escape. The techniques mirror those previously used for watering hole tactics in campaigns against Mongolian government websites. These links weren’t hanging around either; they disappeared quickly to avoid detection. Sneaky.
Google didn’t waste time. They released an out-of-band fix on March 25, acknowledging Kaspersky’s crucial role in discovering and reporting the vulnerability. They’re urging users to update immediately, which is probably solid advice considering the circumstances.
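As an added example (not from the article or from Google), here is a small Python check a defender can run over a software inventory to see which hosts already carry the fixed build: anything at or above 134.0.6998.177 (the .178 build shipped alongside it) is patched for CVE-2025-2783. The inventory format and the version numbers other than the fixed build are constructed for the example.

```python
# Added example: triage Chrome versions against the CVE-2025-2783 fix.
# Fixed build as named in Google's advisory; 134.0.6998.178 shipped with it.
FIXED_VERSION = "134.0.6998.177"

# Constructed sample inventory (hostname<TAB>Chrome version); the versions
# other than the fixed build are made up and not real Chrome releases.
SAMPLE_INVENTORY = """\
ws-01\t134.0.6998.178
ws-02\t134.0.6998.166
ws-03\t133.0.6943.142
ws-04\t135.0.7049.42
ws-05\tunknown
"""


def parse_version(version: str) -> tuple:
    """Turn 'major.minor.build.patch' into a tuple of ints.

    Comparing as ints matters: as strings, '134.0.6998.9' would sort
    above '134.0.6998.177' and be wrongly reported as patched.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed build is at or above the fixed build."""
    return parse_version(installed) >= parse_version(fixed)


def triage_inventory(text: str) -> dict:
    """Map each host to 'patched', 'update-needed' or 'unknown'."""
    status = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition("\t")
        try:
            status[host] = "patched" if is_patched(version) else "update-needed"
        except ValueError:
            status[host] = "unknown"  # unparseable: follow up by hand
    return status


if __name__ == "__main__":
    for host, state in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {state}")
```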
Security experts suspect a state-sponsored APT group is behind this campaign. Small businesses are particularly vulnerable to similar sophisticated attacks, with 60% shutting down within six months after experiencing a successful cyber breach. The high level of technical skill points to serious resources. Some have noted similarities to previous APT29 (Cozy Bear) operations. Others suggest commercial surveillance vendors might have supplied the exploits.
The attack signals a growing threat to secure communications platforms. WhatsApp and Telegram could be next. Military and government communications remain prime targets, and the demand for offensive cyber capabilities isn’t slowing down. But hey, at least we got a patch. Security professionals recommend implementing multi-layered security approaches with comprehensive solutions to protect against such advanced threats.