Sunday, May 25, 2025
HomeChromeAPT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox...

APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections

Published on

SIEM as a Service

Follow Us on Google News

In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome.

This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and contain malicious code.

The attack was initiated through personalized phishing emails, which directed victims to malicious links that, when opened in Google Chrome, immediately infected the system without requiring any additional user interaction.

- Advertisement - Google News
APT Hackers
Example of a malicious email used in this campaign

Technical Details of the Exploit

The exploit, identified as CVE-2025-2783, was particularly noteworthy due to its ability to bypass Chrome’s sandbox by exploiting a logical error at the intersection of Chrome’s sandbox and the Windows operating system.

Kaspersky’s exploit detection technologies successfully identified and analyzed the exploit, enabling the company to report the vulnerability to Google.

As a result, Google released an update on March 25, 2025, to address the issue, effectively blocking the attack chain by patching the sandbox escape vulnerability.

Although the second exploit required for remote code execution was not obtained, patching the first vulnerability effectively neutralized the attack.

Attack Campaign and Targets

Operation ForumTroll targeted media outlets and educational institutions in Russia, with the phishing emails masquerading as invitations to the “Primakov Readings” scientific and expert forum.

The sophistication of the malware and the tactics employed suggest that the attack was conducted by a state-sponsored APT group, with espionage likely being the primary goal.

The attackers’ use of highly personalized and short-lived malicious links added to the complexity and stealth of the operation.

Kaspersky plans to release a detailed report on the technical aspects of the exploit and the attackers’ techniques once a significant portion of users have updated their browsers to the patched version.

Are you from SOC/DFIR Teams? – Analyse Malware, Phishing Incidents & get live Access with ANY.RUN -> Start Now for Free.

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...