Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists – TechCrunch
Latest
AI
Amazon
Apps
Biotech & Health
Climate
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
Startups
TikTok
Transportation
Venture
Events
Startup Battlefield
StrictlyVC
Newsletters
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Google said it has fixed a vulnerability in its Chrome browser for Windows that malicious hackers have used to break into victims’ computers.In a brief note on Tuesday, Google said that it fixed the vulnerability, tracked as CVE-2025-2783, that was discovered by researchers at security firm Kaspersky earlier this month. Google said it was aware of reports that an exploit for the bug “exists in the wild.” The bug is referred to as a zero-day because the vendor — in this case, Google — was given no time to fix the bug before it was exploited.According to Kaspersky, the bug was exploited as part of a hacking campaign targeting Windows computers running Chrome. In a blog post, Kaspersky called the campaign “Operation ForumTroll” and said victims were targeted with a phishing email inviting them to a Russian global political summit. When a link in the email was clicked, victims were taken to a malicious website that immediately exploits the bug to gain access to the victim’s PC data. Kaspersky provided little detail about the bug at the time of the Chrome patch but said that the bug allowed the attackers to bypass Chrome’s sandbox protections, which limit the browser’s access to other data on the user’s computer. Kaspersky said the bug affects all other browsers based on Google’s Chromium engine.In a separate analysis, Kaspersky said the bug was likely used in an espionage campaign, typically designed to stealthily monitor and steal data from a target’s device, usually over a period of time. The Russia-headquartered security firm said the hackers sent personalized phishing emails to Russian media representatives and employees at educational institutions. It’s unclear who was exploiting the bug, but Kaspersky attributed the campaign to a likely state-sponsored or government-backed group of hackers. Browsers like Chrome are a frequent target for malicious hackers and government-backed groups. Zero-day bugs capable of breaking through their protections and into the victim’s sensitive device data can be sold at high prices. In 2024, one zero-day broker was offering up to $3 million for exploitable bugs that can be triggered from over the internet. Google said Chrome updates will roll out over the coming days and weeks.Topics
Security Editor
OpenAI’s viral Studio Ghibli moment highlights AI copyright concerns
Nvidia is reportedly in talks to acquire Lepton AI
The Lumon Terminal Pro computer pops up on Apple’s website
19 founders and VCs working with Elon Musk’s DOGE
OpenAI adopts rival Anthropic’s standard for connecting AI models to data
Rivian spins out a new micromobility startup called Also with $105M from Eclipse
Read the email Jack Dorsey sent when he cut 931 of Block’s staff
© 2025 Yahoo.
