Chrome Patches Operation ForumTroll Zero-Day Vulnerability

In apparent state-based espionage, the ForumTroll attack leveraged Chromium’s zero-day sandbox vulnerability to target Russian journalists and educators. Chrome released an update that fixes the bug; if you use a Chromium-based browser, update it now.


Written by Jackie Leavitt (Co-Chief Editor)

Reviewed by Aleksander Hougen (Co-Chief Editor)



If you use Chrome on a PC, you should update your browser ASAP to ensure you’re using the version that patches a new zero-day vulnerability. The vulnerability affects any browser based on Chromium — including Chrome, Brave, Edge, Opera, Vivaldi and more — so if you use a Chrome alternative, keep an eye out for updates, too.

On Tuesday, March 25, Google posted a Chrome bug update that announced it had fixed the zero-day vulnerability CVE-2025-2783 for Chrome on PCs. The vulnerability was discovered in mid-March by Kaspersky, a Russian cybersecurity firm, which reported it to Google.

The vulnerability was a logic error between Chrome and the Windows OS that made it possible to bypass Chrome’s sandbox protection, according to Kaspersky’s report.

The bug is called a zero-day vulnerability because actors could exploit it before the error was fixed. Chrome has patched the bug — users just need to update their browser version.

Luckily, Kaspersky says this particular attack is also no longer active; it targeted Russian media outlets and educational institutions in what the company is now calling the Operation ForumTroll attack.

In this attack, victims received personalized phishing emails with links to the attackers’ website. When the link was opened using Chrome on a PC, the attackers could bypass Chrome’s sandbox protection. 

Kaspersky says this attack was designed to be used in conjunction with another exploit that enabled remote code execution. Because of this, the company believes the attack came from a state-sponsored APT group with intentions of espionage.

Make sure you don’t fall victim to cybercrime like phishing: read our phishing guide and our guide to avoiding online scams. Be skeptical of links in emails — when in doubt, search for the information online and use those links instead.
