Google Chrome is the most popular browser in the world, and it is used by billions of people. However, its widespread usage also makes it a prime target for bad actors who exploit various methods, such as malicious extensions, phishing links and fake websites. The latest attack involves hackers exploiting a browser vulnerability to conduct espionage. Google has acknowledged the security flaw and has released an update to fix it.
Stay protected & informed! Get security alerts & expert tech tips – sign up for Kurt’s The CyberGuy Report now.
A man using Google Chrome on his laptop (Kurt “CyberGuy” Knutsson)
About the attack
Cybersecurity researchers at Kaspersky recently discovered a sophisticated cyber espionage campaign exploiting a previously unknown vulnerability in Google Chrome. The attack was triggered when victims unknowingly clicked on a phishing link in an email, launching a malicious site in their browser. Shockingly, no further action was required. Simply opening the link was enough to infect the system.
According to Kaspersky’s report, the malware was based on a zero-day vulnerability, later identified as CVE-2025-2783. Researchers say they analyzed the exploit, reverse-engineered its logic and uncovered that it allowed attackers to bypass Chrome’s built-in security features as if they didn’t exist.
The vulnerability exploited Chrome’s inter-process communication framework, known as Mojo, which is crucial for the browser’s functionality. This allowed the attackers to execute malicious code across different processes within Chrome, effectively bypassing its security measures.
“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” Kaspersky noted.
The cybersecurity team also highlighted the stealthy nature of the attack, which primarily targeted media professionals, educational institutions and government agencies. Dubbed “Operation ForumTroll,” the campaign appeared to have espionage as its primary goal.
Google Chrome on a phone (Kurt “CyberGuy” Knutsson)
CLICKFIX MALWARE TRICKS YOU INTO INFECTING YOUR OWN WINDOWS PC
Google’s response to the attack
Once Kaspersky reported the vulnerability, Google released an emergency fix. The company has updated Chrome’s Stable channel for Windows, with the update gradually rolling out to users over the next few days and weeks. Meanwhile, the Extended Stable channel has also been updated.
As with most security updates, Google is keeping the details under wraps until the majority of users have installed the fix. This is a standard precaution to prevent other hackers from exploiting the flaw, while some users are still unprotected. If the bug also affects third-party software, Google will continue restricting details until those platforms release their own patches.
HACKED CHROME EXTENSIONS PUT 2.6 MILLION USERS AT RISK OF DATA LEAK
How to update Google Chrome
While the malware is affecting the Windows version of Google Chrome, it’s a good idea for everyone who uses Google Chrome to update their browsers. Below, we’ve listed steps to update the browser on Windows and other devices. To learn more about how to update other browsers like Safari, see my guide here.
Windows
- Open Chrome browser
- At the top right, click More
- Click Help, then About Google Chrome
- Select Update Google ChromeNote: If you do not see the “Update Google Chrome” button, then your browser is already updated
- Click Relaunch to complete
Google Chrome update on Windows (Kurt “CyberGuy” Knutsson)
macOS
- Open Google Chrome on your Mac
- Click the three dots in the upper-right corner of the browser window
- Navigate to Help > About Google Chrome from the dropdown menu
- The browser will automatically check for updates. If an update is available, it will begin downloading immediately
- Once the update is downloaded, click Relaunch to apply it
- If the above steps fail, or you do not see the update option, visit google.com/chrome to download the latest version manually, then open the installer file and follow the on-screen instructions to install Chrome
iPhone/iPad
- Open the App Store on your iPhone or iPad
- Tap your profile picture in the top-right corner of the screen
- Scroll down to Available Updates and look for Google Chrome in the list of apps with pending updates
- If you see Chrome listed, tap the Update button next to it
- If you don’t see Chrome under Available Updates, use the search bar at the top of the App Store and type Google Chrome, then tap on Google Chrome in the search results and check if an Update button is available. If so, tap it
- Once updated, a small blue dot will appear next to Chrome’s app name on your home screen, indicating that it has been recently updated
- You can also confirm that Chrome is up to date by reopening the App Store, scrolling down to Updated Recently and checking if Google Chrome appears there with today’s date
Android
Settings may vary depending on your Android phone’s manufacturer.
- Open the Google Play Store app on your device
- Tap your profile icon in the top-right corner of the screen
- Select Manage apps & device from the menu
- Under Updates available, tap See details to view a list of apps with pending updates
- Locate Google Chrome in the list and tap the Update button next to it
- If you don’t see Chrome listed under updates, search for Google Chrome in the Play Store search bar, then tap on Chrome in the results and check if an Update button is available. If so, tap it
- Once updated, tap Open to launch the latest version of Chrome
OUTSMART HACKERS WHO ARE OUT TO STEAL YOUR IDENTITY
3 additional ways to protect your privacy
While updating Chrome should fix the vulnerability, below are some security tips you can follow to further bolster your privacy and security.
1) Have strong antivirus software: Hackers often gain access to devices by sending infected emails or documents or by tricking you into clicking a link that downloads malware. You can avoid all of this by installing strong antivirus software that will detect any potential threat before it can take over your device. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Enable two-factor authentication (2FA): Many online accounts, including Google, offer two-factor authentication as an extra security measure. Enabling 2FA ensures that even if a hacker obtains your password, they still need a second form of verification, such as a code sent to your phone, to access your account. This simple step significantly reduces the chances of unauthorized access.
3) Use a secure password manager: A strong password is crucial, but remembering multiple complex passwords can be difficult. A password manager generates, stores and autofills strong passwords for your accounts, reducing the risk of password-related breaches. Avoid using the same password across different sites and always opt for long, unique passwords. Get more details about my best expert-reviewed password managers of 2025 here.
Kurt’s key takeaway
This incident serves as yet another reminder that even the most secure systems are never truly invulnerable, especially when state-backed or highly skilled actors are in play. While Google’s quick response is commendable, it also highlights the never-ending cat-and-mouse game between security teams and cybercriminals. If you are using Chrome, update it now.
Do you think Google is doing enough to protect users from security threats? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
