Hook, Line, and Sinker: Chrome Patches Zero-Day Used in Phishing Attacks

In mid-March 2025, a deluge of personalized phishing emails took Russia by storm. When analyzed, the underlying vulnerability had researchers swimming in uncharted waters; they had found a new Chrome zero-day!

CVE-2025-2783 is a high-severity flaw that involves an incorrect handle provided in unspecified circumstances, potentially leading to a sandbox escape via a malicious file. The bug is present in Mojo, a collection of runtime libraries that facilitate Inter-Process Communication (IPC) across multiple platforms. Chromium browsers use Mojo to manage sandboxed processes for secure communication.


How does this exploit work?

As of March 27, 2025, there isn’t much information available on the vulnerability itself. The Kaspersky researchers who discovered it have stated that they will only reveal technical details once most Chromium users have patched their browsers.

The exploit is delivered through a phishing email that invites recipients to a scientific forum known as Primakov Readings. The email contains two links, which claim to lead to program details and a registration form respectively. If an unsuspecting user takes the bait, they are redirected to the attacker’s website, which promptly infects their system with malware.

The campaign has been christened “Operation ForumTroll” by Kaspersky. The exploit is presently inactive, and the links redirect users to the official Primakov website, but Chromium users should still keep an eye out for any suspicious activity.


Products Affected

Google Chrome versions 134.0.6998.176 and below are vulnerable, and so are other Chromium-based browsers like Opera, Edge, Brave and Vivaldi.


Impact

Though the malefactors have not yet been reeled in, analysis of the malware and attack methodology suggests a high level of sophistication, hinting that a state-sponsored APT group might be pulling the strings. Operation ForumTroll primarily targeted Russian media outlets and educational institutions, presumably with espionage as the main goal.


Solution

Google wastes no time! Version 134.0.6998.177 is the patch for this flaw, so make sure to update all your browsers and stay away from any odd-looking links, since the threat actors can still reactivate the exploit mechanism.
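
To confirm the update has actually landed across a fleet, the check below compares reported Chrome versions against the fixed build named above. It is an added example, not code from this post or from Google; the inventory format, sample hosts and function names are assumptions made for illustration.

```python
# Added example: audit a browser inventory against the fixed Chrome build
# named in this post. Inventory format and all names here are assumptions.
import re

FIXED_CHROME = (134, 0, 6998, 177)  # patched version stated in the post

# Constructed sample inventory: host, product, reported version string.
SAMPLE_INVENTORY = """\
ws-001,Google Chrome,134.0.6998.176
ws-002,Google Chrome,134.0.6998.177
ws-003,Google Chrome,134.0.6998.99
ws-004,Google Chrome,135.0.7049.41
ws-005,Brave,1.76.82
ws-006,Google Chrome,unknown
"""

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-int tuple for a Chrome-style version, or None if malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, version_text):
    """Classify one inventory row as patched, vulnerable, or needing review."""
    if product.strip().lower() != "google chrome":
        # Other Chromium-based browsers may use their own version numbers and
        # the post gives no fixed build for them: defer to the vendor advisory.
        return "check-vendor-advisory"
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    # Compare numerically: as strings, "134.0.6998.99" sorts above ".177".
    return "patched" if version >= FIXED_CHROME else "vulnerable"

def audit(inventory_text):
    """Map each host to its classification."""
    results = {}
    for line in inventory_text.strip().splitlines():
        host, product, version_text = line.split(",", 2)
        results[host] = classify(product, version_text)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows marked unparseable or check-vendor-advisory need manual follow-up rather than being counted as patched.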


Instantly Fix Risks with SanerNow Patch Management

SanerNow patch management is continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. SanerNow patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
