Google Chrome confirms cyber ‘espionage’ attacks from ‘highly sophisticated malware’

Think before clicking on these links.

After cybersecurity experts discovered an influx of malware infecting Chrome users, Google has since confirmed the attacks and announced a security patch that will accompany the latest browser update.

Researchers at data protection firm Kaspersky found “a wave of infections by previously unknown and highly sophisticated malware” this month, which was triggered when a target clicked on a phishing link in an email and launched the site in Google Chrome.

“No further action was required to become infected,” the researchers noted.

According to their report, the cybersecurity researchers “quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome,” promptly reporting it to the tech giant.

“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” the researchers admitted.

“The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist.”

The primary goal of the malware seemed to be “espionage,” the team explained, adding that this attack, dubbed “Operation ForumTroll,” was targeting media professionals, educational institutions and government agencies.

While the security flaw will be patched in the next Chrome update, experts have long warned users to avoid clicking on unknown links and to use a critical eye when evaluating emails for safety before engaging with the contents.

The news of the vulnerability comes mere days after Microsoft urged people to use the company’s browser Edge amid a flurry of cybersecurity attacks.

Last month, Google Chrome users were warned to stop using more than a dozen browser extensions that posed a security threat.

Experts flagged 16 “malicious” browser extensions — used for ad blocking, emojis and more — that allowed hackers to swipe data or even partake in search engine fraud.