Full Report
Kaspersky attributed the hacks to an espionage campaign targeting journalists and employees at educational institutions.
Analysis Summary
# Vulnerability: Chrome Zero-Day Used in 'Operation ForumTroll' Targeting Windows Users
## CVE Details
- CVE ID: CVE-2025-2783
- CVSS Score: N/A (Severity implied as High due to in-the-wild exploitation of a zero-day)
- CWE: Not specified in the summary.
## Affected Systems
- Products: Google Chrome for Windows and other browsers built on the Chromium engine.
- Versions: Versions prior to the patch release; the summary does not name the specific affected or fixed version numbers.
- Configurations: Windows operating system users running the affected Chrome version.
## Vulnerability Description
This vulnerability is a zero-day flaw in Google Chrome for Windows that allows attackers to escape the browser's sandbox protections. Sandbox escapes grant malicious code running within the browser context the ability to access and interact with other data and processes on the user's computer system.
## Exploitation
- Status: Exploited in the wild (as part of "Operation ForumTroll").
- Complexity: Assumed Medium/High (a working zero-day sandbox escape requires significant effort, though the initial access vector was simple phishing).
- Attack Vector: Network (via malicious website delivered through phishing email).
## Impact
- Confidentiality: High (Attackers can gain access to victim PC data).
- Integrity: High (Potential to modify system components if escalation succeeds).
- Availability: Medium (Potential for system disruption, although the primary goal cited was espionage/data theft).
## Remediation
### Patches
- Google released a stable channel update for desktop that addresses CVE-2025-2783.
- Users must update Chrome to the latest fixed version immediately.
### Workarounds
- No specific workarounds were detailed in the summary, but immediate patching is critical since the vulnerability is actively exploited.
## Detection
- Indicators of Compromise: Activity related to "Operation ForumTroll," which involves phishing emails referencing a Russian global political summit, leading to malicious websites.
- Detection methods and tools: Review whether endpoint security tooling can monitor for sandbox-escape attempts originating from the Chrome process.
## References
- Vendor Advisories: Google Stable Channel Update (March 25, 2025).
- Relevant links:
  - hxxps://techcrunch.com/2025/03/26/google-fixes-chrome-zero-day-security-flaw-used-in-hacking-campaign-targeting-journalists/
  - hxxps://www.kaspersky.com/blog/forum-troll-apt-with-zero-day-vulnerability/53215/
  - hxxps://securelist.com/operation-forumtroll/115989/