ByDavey Winder,
Senior Contributor.
That the Google Chrome web browser is under seemingly constant attack should come as no surprise to anyone. After all, with 3.5 billion users, it’s by far the most popular browser on the planet and, as such, a massive target for any hacker. Thankfully, Google’s security team is not adverse to releasing emergency security updates as critical vulnerabilities are disclosed, most recently with two in the space of just two weeks. Such was also the case back in March when the CVE-2025-2783 Chrome security sandbox-escaping vulnerability was confirmed as being exploited in the wild to attack targets in Russia. Now, Boris Larin, a principal security researcher with Kaspersky, has revealed how that attack, known as Operation ForumTroll, is thought to have been carried out using tools linked to Hacking Team spyware.
The Operation ForumTroll attacks started in March 2025, when Kaspersky first detected a surge in malware infections being distributed to primarily Russia-based targets using good old-fashioned phishing links in emails. These links, once clicked, took the victim, for that is what they now were, to a malicious site where no further action was required to initiate the infection, provided that the Chrome, or a Chrome-based, browser was being used. The “sophisticated aged zero-day exploit” being employed was, according to Larin in a newly published technical analysis, confirmed by Google’s security team and identified as CVE-2025-2783.
