Google Patches Dangerous Chrome Bug Exploited by Hackers — Update Your Browser Now

Google has fixed a serious security hole in its Chrome browser for Windows, after it found hackers were exploiting the flaw to break into computers.

According to a brief update on Tuesday, Google said it had fixed the issue — tracked as CVE-2025-2783. Earlier this month, security experts at Kaspersky discovered the flaw. Before the bug was patched, hackers had already used it in a 'real world attack,' Google admitted. Such flaws are known as 'zero-day' vulnerabilities because the attackers use them long before the developers can patch them.

Kaspersky said that the bug was part of a hacking campaign known as Operation ForumTroll. Phishing emails were the first step — they invited the victims to a Russian global political summit. 

Victims who clicked the link in the email then landed on a malicious website where the bug was immediately exploited to get access to their computer data.

Kaspersky did not reveal much about it, but confirmed the flaw enabled hackers to circumvent Chrome’s sandbox protections. Usually, these protections prevent the browser from being able to access sensitive data on a user's computer. 

Additionally, Kaspersky pointed out that this flaw was not confined to Chrome, as it hit all other browsers based on Google’s Chromium engine.

Security researchers believe that this bug was exploited in an espionage campaign. These campaigns are meant to steal information from targets secretly over time. 

Kaspersky said the attacker sent personalised 'phishing' emails to Russian media professionals and employees at educational institutions. 

However, it is still not totally clear who was behind the attack. The cybersecurity firm believes a state-sponsored hacking group may have been involved.

Hackers targeted right at the heart of web browsers, including those that are backed up by governments. Vulnerabilities like this are incredibly valuable, with some buyers willing to pay as much as $3 million for high-level zero-day exploits that provide remote access to a device.

It has now urged all its users to update Chrome immediately. In the coming days and weeks, the latest security patches will make their way to keep users safe.