Google Chrome is the most popular browser in the world, and it is used by billions of people. However, its widespread usage also makes it a prime target for bad actors who exploit various methods, such as malicious extensions, phishing links and fake websites. The latest attack involves hackers exploiting a browser vulnerability to conduct espionage. Google has acknowledged the security flaw and has released an update to fix it.Stay protected & informed! Get security alerts & expert tech tips – sign up for Kurt’s The CyberGuy Report now. A man using Google Chrome on his laptop (Kurt “CyberGuy” Knutsson)About the attackCybersecurity researchers at Kaspersky recently discovered a sophisticated cyber espionage campaign exploiting a previously unknown vulnerability in Google Chrome. The attack was triggered when victims unknowingly clicked on a phishing link in an email, launching a malicious site in their browser. Shockingly, no further action was required. Simply opening the link was enough to infect the system.According to Kaspersky’s report, the malware was based on a zero-day vulnerability, later identified as CVE-2025-2783. Researchers say they analyzed the exploit, reverse-engineered its logic and uncovered that it allowed attackers to bypass Chrome’s built-in security features as if they didn’t exist.The vulnerability exploited Chrome’s inter-process communication framework, known as Mojo, which is crucial for the browser’s functionality. This allowed the attackers to execute malicious code across different processes within Chrome, effectively bypassing its security measures.”We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” Kaspersky noted. The cybersecurity team also highlighted the stealthy nature of the attack, which primarily targeted media professionals, educational institutions and government agencies. Dubbed “Operation ForumTroll,” the campaign appeared to have espionage as its primary goal. Google Chrome on a phone (Kurt “CyberGuy” Knutsson)CLICKFIX MALWARE TRICKS YOU INTO INFECTING YOUR OWN WINDOWS PCGoogle’s response to the attackOnce Kaspersky reported the vulnerability, Google released an emergency fix. The company has updated Chrome’s Stable channel for Windows, with the update gradually rolling out to users over the next few days and weeks. Meanwhile, the Extended Stable channel has also been updated.As with most security updates, Google is keeping the details under wraps until the majority of users have installed the fix. This is a standard precaution to prevent other hackers from exploiting the flaw, while some users are still unprotected. If the bug also affects third-party software, Google will continue restricting details until those platforms release their own patches.HACKED CHROME EXTENSIONS PUT 2.6 MILLION USERS AT RISK OF DATA LEAKHow to update Google ChromeWhile the malware is affecting the Windows version of Google Chrome, it’s a good idea for everyone who uses Google Chrome to update their browsers. Below, we’ve listed steps to update the browser on Windows and other devices. To learn more about how to update other browsers like Safari, see my guide here. WindowsOpen Chrome browserAt the top right, click More Click Help, then About Google ChromeSelect Update Google ChromeNote: If you do not see the “Update Google Chrome” button, then your browser is already updatedClick Relaunch to complete Google Chrome update on Windows (Kurt “CyberGuy” Knutsson)macOSOpen Google Chrome on your MacClick the three dots in the upper-right corner of the browser windowNavigate to Help > About Google Chrome from the dropdown menuThe browser will automatically check for updates. If an update is available, it will begin downloading immediatelyOnce the update is downloaded, click Relaunch to apply itIf the above steps fail, or you do not see the update option, visit google.com/chrome to download the latest version manually, then open the installer file and follow the on-screen instructions to install ChromeiPhone/iPadOpen the App Store on your iPhone or iPadTap your profile picture in the top-right corner of the screenScroll down to Available Updates and look for Google Chrome in the list of apps with pending updatesIf you see Chrome listed, tap the Update button next to itIf you don’t see Chrome under Available Updates, use the search bar at the top of the App Store and type Google Chrome, then tap on Google Chrome in the search results and check if an Update button is available. If so, tap itOnce updated, a small blue dot will appear next to Chrome’s app name on your home screen, indicating that it has been recently updatedYou can also confirm that Chrome is up to date by reopening the App Store, scrolling down to Updated Recently and checking if Google Chrome appears there with today’s dateAndroid Settings may vary depending on your Android phone’s manufacturer. Open the Google Play Store app on your deviceTap your profile icon in the top-right corner of the screenSelect Manage apps & device from the menuUnder Updates available, tap See details to view a list of apps with pending updatesLocate Google Chrome in the list and tap the Update button next to itIf you don’t see Chrome listed under updates, search for Google Chrome in the Play Store search bar, then tap on Chrome in the results and check if an Update button is available. If so, tap itOnce updated, tap Open to launch the latest version of ChromeOUTSMART HACKERS WHO ARE OUT TO STEAL YOUR IDENTITY3 additional ways to protect your privacyWhile updating Chrome should fix the vulnerability, below are some security tips you can follow to further bolster your privacy and security.1) Have strong antivirus software: Hackers often gain access to devices by sending infected emails or documents or by tricking you into clicking a link that downloads malware. You can avoid all of this by installing strong antivirus software that will detect any potential threat before it can take over your device. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.2) Enable two-factor authentication (2FA): Many online accounts, including Google, offer two-factor authentication as an extra security measure. Enabling 2FA ensures that even if a hacker obtains your password, they still need a second form of verification, such as a code sent to your phone, to access your account. This simple step significantly reduces the chances of unauthorized access.3) Use a secure password manager: A strong password is crucial, but remembering multiple complex passwords can be difficult. A password manager generates, stores and autofills strong passwords for your accounts, reducing the risk of password-related breaches. Avoid using the same password across different sites and always opt for long, unique passwords. Get more details about my best expert-reviewed password managers of 2025 here.Kurt’s key takeawayThis incident serves as yet another reminder that even the most secure systems are never truly invulnerable, especially when state-backed or highly skilled actors are in play. While Google’s quick response is commendable, it also highlights the never-ending cat-and-mouse game between security teams and cybercriminals. If you are using Chrome, update it now.Do you think Google is doing enough to protect users from security threats? Let us know by writing us at Cyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Ask Kurt a question or let us know what stories you’d like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved. Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
Emergency Chrome security update amid cyber espionage threats
