Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists

Topics

Latest

AI

Amazon

Image Credits:Getty Images

Apps

Biotech & Health

clime

Image Credits:Getty Images

Cloud Computing

Commerce

Crypto

Enterprise

EVs

Fintech

fund raise

Gadgets

Gaming

Google

Government & Policy

computer hardware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

security department

societal

place

startup

TikTok

conveyance

speculation

More from TechCrunch

upshot

Startup Battlefield

StrictlyVC

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

touch Us

Google said it has fix a vulnerability in its Chrome web internet browser for Windows that malicious hacker have used to discontinue into victims ’ computers .

In abrief noteon Tuesday , Google said that it fixed the exposure , tracked as CVE-2025 - 2783 , that was get word by researchers at security house Kaspersky before this month .

Google said it was cognizant of reports that an exploit for the bug “ survive in the natural state . ” The bug is referred to as azero - daybecause the vendor — in this cause , Google — was given no prison term to fix the bug before it was exploited .

According to Kaspersky , the bug was exploit as part of a hacking crusade targeting Windows computers running Chrome .

Ina blog post , Kaspersky called the campaign “ Operation ForumTroll ” and said victims were targeted with a phishing email invite them to a Russian global political summit . When a connexion in the e-mail was clicked , victims were take to a malicious site that straight off exploits the bug to gain admission to the victim ’s personal computer data .

Kaspersky providedlittle detailabout the bug at the time of the Chrome mend but said that the hemipteran let the attackers to bypass Chrome ’s sandbox protective covering , which limit the browser app ’s access to other data on the drug user ’s computer .   Kaspersky said the bug regard all other internet browser based on Google ’s Chromium engine .

Ina freestanding depth psychology , Kaspersky said the bug was in all likelihood used in an espionage campaign , typically design to stealthily monitor and steal information from a butt ’s gadget , usually over a period of time . The Russia - headquarter security firm said the hacker sent individualized phishing email to Russian medium representatives and employees at educational institutions .

Browsers like Chrome are a frequent target for malicious hacker and regime - backed radical . Zero - day bug capable of breaking through their shelter and into the dupe ’s sensible gadget datum can be sold at high prices . In 2024 , one zero - day factor wasoffering up to $ 3 million for exploitable bugsthat can be set off from over the cyberspace .

Google said Chrome updates will roll out over the come days and weeks .