Operation ForumTroll exploits zero-days in Google Chrome
March 26, 2025, 1:20 p.m.
Description
In March 2025, a sophisticated malware campaign exploited a zero-day vulnerability in Google Chrome to infect targets. The attack, dubbed Operation ForumTroll, used personalized phishing emails with short-lived links to deliver malware. Kaspersky detected the exploit, reported it to Google, and an update was released to fix the vulnerability (CVE-2025-2783). The campaign targeted media outlets, educational institutions, and government organizations in Russia, disguising itself as invitations to the 'Primakov Readings' forum. The attackers' goal appears to be espionage, and the sophistication of the malware suggests a state-sponsored APT group is behind the operation. The exploit chain involved sandbox escape and remote code execution, though only the former was fully analyzed.
Tags
Date
- Created: March 25, 2025, 11:09 p.m.
- Published: March 25, 2025, 11:09 p.m.
- Modified: March 26, 2025, 1:20 p.m.
Attack Patterns
- Trojan.Win64.Convagent.gen
- Trojan.Win64.Agent
- ForumTroll
- T1012
- T1573
- T1203
- T1082
- T1057
- T1083
- T1071
- T1569
- T1132
- T1027
- T1001
- T1566
- T1190
- T1078
- T1068
- T1059
Additional Information
- Media
- Education
- Government
- Russian Federation