Kaspersky discovered and helped fix a high-severity zero-day vulnerability (CVE-2025-2783) in Google Chrome that allowed attackers to bypass the browser's sandbox protection system. The vulnerability was discovered by Kaspersky's Global Research and Analysis Team (GReAT). In addition to clicking on the malicious link, the user does not need to perform any interactive operations, showing extremely high technical complexity. Google has confirmed that Kaspersky researchers discovered and reported the vulnerability.
In mid-March 2025, Kaspersky Lab detected a wave of large-scale infections caused by users clicking on personalized phishing links sent via email. Once the link is clicked, the system is compromised without requiring the victim to take any additional action. Kaspersky analysis confirmed that the flaw exploited an unknown vulnerability in the latest version of Google Chrome, and quickly alerted Google's security team. A security patch for this vulnerability was released on March 25, 2025.
Kaspersky researchers dubbed the campaign Operation ForumTroll because the attackers sent personalized phishing emails inviting recipients to the "Primakov Book Club" forum. The decoys targeted Russian media outlets, educational institutions, and government organizations. These malicious links live for a very short time to evade detection and in most cases end up redirecting to the legitimate website of "Primakov Readings" once the exploit is removed.
The zero-day vulnerability in Chrome was just one part of an attack chain that included at least two exploits: a yet-to-be-obtained remote code execution (RCE) exploit that apparently launched the attack, while a sandbox escape discovered by Kaspersky formed the second stage of the attack. Analysis of the malware's capabilities revealed that the primary purpose of this operation was espionage. All evidence points to an Advanced Persistent Threat (APT) group.
"This vulnerability stands out among the dozens of zero-day vulnerabilities we have discovered over the years," said Boris Larin, principal security researcher at Kaspersky's Global Research and Analysis Team (GReAT). "The exploit does not perform any overt malicious actions when bypassing Chrome sandbox protections – it is as if the security perimeter does not exist at all. The technical complexity displayed here shows that the developers are highly skilled individuals with significant resources. We strongly recommend that all users use Google Chrome and any Chromium-based browser Update your browser to the latest version to protect against this vulnerability."
Google expresses its gratitude to Kaspersky for discovering and reporting this issue, which reflects the company's ongoing commitment to working with the global cybersecurity community and ensuring the safety of its users.
Kaspersky will continue to investigate Operation ForumTroll and will release more details in an upcoming report, including technical analysis of exploits and malicious payloads, once the safety of Google Chrome users is assured. At the same time, all Kaspersky products can detect and prevent this vulnerability exploit chain and related malware to ensure that users are protected from threats.
Kaspersky Next EDR Expert Edition, as the core component of Kaspersky Next XDR (Extended Detection and Response) expert platform, plays a key role in detecting this wave of infections caused by unknown and highly sophisticated malware. Our exploit detection and prevention technology identified this zero-day vulnerability before it became public, allowing us to fully analyze its behavior and impact.
This discovery follows the discovery of another Chrome zero-day vulnerability (CVE-2024-4947) by Kaspersky’s Global Research and Analysis Team (GReAT) last year, which was used by the Lazarus APT group for cryptocurrency theft last year. In that case, Kaspersky researchers discovered a type confusion vulnerability in Google's V8 JavaScript engine that allowed attackers to bypass security features via a fake cryptocurrency gaming website.
To protect against sophisticated attacks like this, Kaspersky security experts recommend the following key protective measures
· Make sure your software is updated: Regularly install patches for operating systems and browsers (especially Google Chrome) so attackers can't exploit newly discovered vulnerabilities.
· Adopt a multi-level security protection strategy: In addition to endpoint protection, it is recommended to deploy solutions such as Kaspersky Next XDR Expert Edition. Such solutions use artificial intelligence/machine learning (AI/ML) technology to achieve automated detection and response of advanced threats and APT attack activities by correlating multiple source data.
· Leverage threat intelligence services: Latest contextual information like Kaspersky Threat Intelligence helps you stay informed about emerging zero-day vulnerabilities and the latest attack techniques.
About the Global Research and Analysis Team
Founded in 2008, the Global Research and Analysis Team (GReAT) is Kaspersky's core department responsible for uncovering APTs, cyberespionage, significant malware, ransomware and global cybercriminal underground trends. Currently, GReAT consists of more than 40 experts working globally in Europe, Russia, the Americas, Asia and the Middle East. These talented security professionals provide leadership for the company's anti-malware research and innovation, bringing unparalleled expertise, passion and curiosity to discover and analyze cyber threats.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. To date, Kaspersky has protected more than a billion devices from emerging cyber threats and targeted attacks. Kaspersky continues to transform deep threat intelligence and security technology into innovative security solutions and services to protect enterprises, critical infrastructure, governments and consumers around the world. The company offers a comprehensive security portfolio, including leading endpoint protection solutions and a variety of targeted security solutions and services, as well as cyber immunity solutions to combat complex and evolving digital threats. We also help 200,000 enterprise customers around the world protect what matters most. For more details, please visit www.kaspersky.com.
