
In the latest discovery, Kaspersky Lab exposed a highly sophisticated cyber attack, dubbed “Operation ForumTroll,” that leverages a critical zero-day vulnerability in Google Chrome. The campaign, detected in mid-March 2025, demonstrates an unprecedented level of cyber intrusion targeting media outlets and educational institutions in Russia.
The attack’s methodology is chillingly simple yet advanced. Victims receive personalized phishing emails disguised as invitations to the “Primakov Readings” scientific forum.
A single click on the malicious link triggers a complex exploit chain that bypasses Google Chrome’s sandbox protection, a critical security mechanism designed to isolate web content.
What makes this attack remarkable is its exploitation of CVE-2025-2783. Exploiting this zero-day vulnerability effectively neutralizes Chrome’s sandbox protection; the flaw is a subtle logical error at the intersection of the browser and the Windows operating system.
Kaspersky researchers noted that the exploit allowed attackers to breach security restrictions without triggering any obvious warning signs.
The cybersecurity firm’s rapid response was crucial. Upon detection, its researchers immediately reverse-engineered the exploit code and reported the vulnerability to Google’s security team. Google has since released a patch for CVE-2025-2783 on the stable channel, marking the vulnerability as exploited in the wild.
Kaspersky’s analysis suggests this is not a typical cybercrime operation but a highly sophisticated attack likely conducted by a state-sponsored Advanced Persistent Threat (APT) group. The malware’s primary objective appears to be espionage, with a carefully crafted approach that minimizes detection risks.
While the full technical details have yet to be published—Kaspersky plans to release them after most users have updated their browsers—the initial findings paint a concerning picture of evolving cyber threats. The exploit was designed to work with an additional remote code execution exploit, though researchers could not obtain the complete attack chain without risking further user exposure.
The key takeaway for users and organizations is clear: maintaining up-to-date software, exercising caution with email links, and implementing robust cybersecurity practices are more critical than ever. As cyber attacks become increasingly sophisticated, vigilance remains our strongest defense.
Kaspersky has already updated its security products to detect the exploits used in this attack, providing protection against this specific threat. Users are strongly advised to update their Google Chrome browsers and remain alert to suspicious communications.