Core Points - Google has fixed a vulnerability in its Chrome browser for Windows, tracked as CVE-2025-2783, which was exploited by malicious hackers to access victims' computers [1][2] - The vulnerability was discovered by Kaspersky and is classified as a zero-day, meaning it was exploited before Google had the opportunity to address it [2] - The hacking campaign, named "Operation ForumTroll" by Kaspersky, involved phishing emails that lured victims to a malicious website [3] Vulnerability Details - The bug allowed attackers to bypass Chrome's sandbox protections, which are designed to limit browser access to user data [4] - The vulnerability affects all browsers based on Google's Chromium engine, indicating a broader impact beyond just Chrome [4] Exploitation Context - Kaspersky suggested that the bug was likely used in an espionage campaign targeting Russian media representatives and educational institutions [5] - The campaign is believed to be linked to a state-sponsored or government-backed group of hackers, although the specific group remains unidentified [5] Market Implications - Browsers like Chrome are frequent targets for hackers, with zero-day vulnerabilities being highly valuable in the cybercrime market, with offers reaching up to $3 million for exploitable bugs [6] - Google plans to roll out updates for Chrome in the coming days and weeks to address the vulnerability [6]

Core Insights - Apple has released patches for a zero-day vulnerability in WebKit, which could have been exploited in a sophisticated attack targeting specific individuals [1][4] - The vulnerability allowed hackers to escape WebKit's protective sandbox, potentially compromising user data [1] - The patch was made available for various Apple devices, including Macs, iPhones, iPads, Safari, and the Vision Pro headset [2] Vulnerability Details - The zero-day bug was identified in WebKit, the browser engine used by Safari and other applications [1] - Apple indicated that the attack was effective against devices running software prior to iOS 17.2 [3] Historical Context - In February, Apple described a similar attack as "an extremely sophisticated attack against specific targeted individuals," although there is no evidence linking the two incidents [4] - This specific language had not been used by Apple prior to the February incident [4]