TechCrunch·2025-03-26 13:15Core Points - Google has fixed a vulnerability in its Chrome browser for Windows, tracked as CVE-2025-2783, which was exploited by malicious hackers to access victims' computers [1][2] - The vulnerability was discovered by Kaspersky and is classified as a zero-day, meaning it was exploited before Google had the opportunity to address it [2] - The hacking campaign, named "Operation ForumTroll" by Kaspersky, involved phishing emails that lured victims to a malicious website [3] Vulnerability Details - The bug allowed attackers to bypass Chrome's sandbox protections, which are designed to limit browser access to user data [4] - The vulnerability affects all browsers based on Google's Chromium engine, indicating a broader impact beyond just Chrome [4] Exploitation Context - Kaspersky suggested that the bug was likely used in an espionage campaign targeting Russian media representatives and educational institutions [5] - The campaign is believed to be linked to a state-sponsored or government-backed group of hackers, although the specific group remains unidentified [5] Market Implications - Browsers like Chrome are frequent targets for hackers, with zero-day vulnerabilities being highly valuable in the cybercrime market, with offers reaching up to $3 million for exploitable bugs [6] - Google plans to roll out updates for Chrome in the coming days and weeks to address the vulnerability [6]