After cybersecurity specialists identified a surge in malware targeting Chrome users, Google confirmed the attacks and revealed that a security fix would be included in the upcoming browser update.
The data security firm Kaspersky discovered this month that there had been “a wave of infections by previously unknown and highly sophisticated malware,” which occurred when a user clicked on a phishing link in an email and accessed the malicious site through Google Chrome.
“No further action was required to become infected,” the researchers noted.
In their findings, the cybersecurity team explained that they “quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome,” promptly notifying Google about the issue.
“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” the researchers admitted.
“The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist.”
The main purpose of the malware appeared to be “espionage,” the team explained, adding that the attack, called “Operation ForumTroll,” was specifically targeting media professionals, educational institutions, and government organizations.
Though a fix for the security vulnerability will be included in the next update for Chrome, experts have consistently advised users to be cautious about clicking on unfamiliar links and to carefully assess the safety of emails before interacting with them.
This news comes just days after Microsoft encouraged users to switch to its Edge browser amid a surge in cybersecurity incidents.
In a related development, Google Chrome users were recently cautioned to stop using over a dozen browser extensions that posed security risks.
Last month, experts flagged 16 “malicious” extensions—used for purposes such as ad-blocking, adding emojis, and more—that allowed hackers to steal data or even commit search engine fraud.

{Matzav.com}The post Google Confirms Cyber ‘Espionage’ Attacks On Chrome Users From ‘Highly Sophisticated Malware’ first appeared on Matzav.com.