Kaspersky discovers sophisticated Chrome zero-day exploit used in active attacks

Tahawul Tech, 28-03-2025
Kaspersky has identified and helped patch a sophisticated zero-day vulnerability in Google Chrome (CVE-2025-2783) that allowed attackers to bypass the browser's sandbox protection system.
The exploit, discovered by Kaspersky's Global Research and Analysis Team (GReAT), required no user interaction beyond clicking a malicious link and demonstrated exceptional technical complexity. Kaspersky researchers have been acknowledged by Google for discovering and reporting this vulnerability.
In mid-March 2025, Kaspersky detected a wave of infections triggered when users clicked personalised phishing links delivered via email. After clicking, no additional action was needed to compromise their systems. Once Kaspersky's analysis confirmed that the exploit leveraged a previously unknown vulnerability in the latest version of Google Chrome, Kaspersky swiftly alerted Google's security team. A security patch for the vulnerability was released on March 25, 2025.
Kaspersky researchers dubbed the campaign 'Operation ForumTroll', as attackers sent personalised phishing emails inviting recipients to the 'Primakov Readings' forum. These lures targeted media outlets, educational institutions, and government organisations in Russia. The malicious links were extremely short-lived to evade detection, and in most cases ultimately redirected to the legitimate website for 'Primakov Readings' once the exploit was taken down.
The zero-day vulnerability in Chrome was only part of a chain that included at least two exploits: a still-unobtained remote code execution (RCE) exploit that apparently launched the attack, while the sandbox escape discovered by Kaspersky constituted the second stage. Analysis of the malware's functionality suggests the operation was designed primarily for espionage. All evidence points to an Advanced Persistent Threat (APT) group.
'This vulnerability stands out among the dozens of zero-days we've discovered over the years', said Boris Larin, principal security researcher at Kaspersky GReAT. 'The exploit bypassed Chrome's sandbox protection without performing any obviously malicious operations – it's as if the security boundary simply didn't exist. The technical sophistication displayed here indicates development by highly skilled actors with substantial resources. We strongly advise all users to update their Google Chrome and any Chromium-based browser to the latest version to protect against this vulnerability'.
Google has credited Kaspersky for uncovering and reporting the issue, reflecting the company's ongoing commitment to collaboration with the global cybersecurity community and ensuring user safety.
Kaspersky continues to investigate Operation ForumTroll. Further details, including a technical analysis of the exploits and malicious payload, will be released in a forthcoming report once Google Chrome user security is assured. Meanwhile, all Kaspersky products detect and protect against this exploit chain and associated malware, ensuring users are shielded from the threat.
This discovery follows Kaspersky GReAT's previous identification of another Chrome zero-day (CVE-2024-4947), which was exploited last year by the Lazarus APT group in a cryptocurrency theft campaign. In that case, Kaspersky researchers found a type confusion bug in Google's V8 JavaScript engine that enabled attackers to bypass security features through a fake cryptogame website.
To safeguard against sophisticated attacks like these, Kaspersky security experts recommend implementing these key protective measures:
Ensure timely software updates: Regularly patch your operating system and browsers—especially Google Chrome—so attackers cannot exploit newly discovered vulnerabilities.
Adopt a multi-layered security approach: Along with endpoint protection, consider solutions like Kaspersky Next XDR Expert that leverage AI/ML to correlate data from multiple sources and automate detection and response against advanced threats and APT campaigns.
Leverage threat intelligence services: Up-to-date, contextual information—such as Kaspersky Threat Intelligence—helps you stay informed about emerging zero-day exploits and the latest attacker techniques.
Image Credit: Kaspersky