Google Chrome is the world’s most popular browser and is used by billions of people. However, its widespread use also becomes a major target for bad actors who use a variety of ways, including malicious extensions, phishing links, fake websites and more. Latest attacks involve hackers exploiting a browser vulnerability to carry out spying. Google has confirmed the security flaw and has released an update to fix it.
Be protected and provide information! Get security alerts and expert technical tips – Sign up for The CyberGuy Report in your cart now.
Man using Google Chrome on laptop (Kurt “Cyberguy” Knutsson)
About the attack
Kaspersky’s cybersecurity researchers recently discovered a sophisticated cyberspy campaign that exploits previously unknown vulnerabilities in Google Chrome. The attack was caused when the victim unconsciously clicked on the email phishing link and launched a malicious site in his browser. To my surprise, there was no need for further action. Just opening the link was enough to infect the system.
According to a Kaspersky report, the malware was based on a zero-day vulnerability and was later identified as CVE-2025-2783. Researchers say they analyzed the exploit and reversed its logic, revealing that attackers could bypass Chrome’s built-in security features as if they weren’t present.
The vulnerability exploited Chrome’s interprocess communications framework known as Mojo. This is important for browser functionality. This allowed attackers to run malicious code in various processes within Chrome, effectively bypassing security measures.
“We have discovered and reported zero-day exploits that are actively used in attacks, but this particular exploit is certainly one of the most interesting things we have encountered,” Kaspersky said.
The cybersecurity team highlighted the stealth nature of attacks targeting media experts, educational institutions and government agencies. The campaign, called “Operation ForumTroll,” appeared to be espionage as its main goal.
Google Chrome on the phone (Kurt “Cyberguy” Knutsson)
Clickfix malware will trick you into infecting your own Windows PC
Google’s response to attacks
When Kaspersky reported a vulnerability, Google released an emergency fix. The company has updated its stable channels for Chrome for Windows, with updates gradually rolling out to users over the next few days and weeks. Meanwhile, the expanded stable channels have also been updated.
Like most security updates, Google keeps the details wrapped and kept until the majority of users install the fix. This is a standard precaution to prevent other hackers from exploiting the defect, but some users are not yet protected. If a bug also affects third-party software, Google will continue to limit details until these platforms release their own patches.
Hacked Chrome Extension puts 2.6 million users at risk of data leaks
How to update Google Chrome
Malware affects the Windows version of Google Chrome, but it’s a good idea for everyone who uses Google Chrome to update their browsers. Below we have listed the steps to update your browser on Windows and other devices. For more information on how to update other browsers like Safari, see this guide.
Windows
Open Chrome browserat in the top right corner, click on the help, then click on Google ChromeNote for updates in Google ChromeSelect: If the “Update Google Chrome” button is not displayed, your browser has already been updated.
Google Chrome Update for Windows (Kurt “Cyberguy” Knutsson)
macs
Open Google Chrome on Mac Click and check the 3 dots in the top right corner of the browser dropdown in Menuthe browser > Automatically check the Windownavigate dropdown. If an update is available, the update will be downloaded immediately. Click if the above steps fail, or not view the update options, or go to go to google.com/chrome to download the latest version manually, then open the installer file and follow the on-screen instructions to install Chrome.
iPhone/iPad
Open your iPhone or iPadtap app store to your profile photo at the top corner of screen crawling and look for Google Chrome until available updates. If so, if updated, a small blue dot will appear on the home screen next to the Chrome app name. Indicates that it has been recently updated. You can also make sure that Chrome is up to date by restarting the App Store, updating and scrolling recently, and checking if Google Chrome appears there with today’s date.
Android
Settings may vary depending on the manufacturer of your Android phone.
Open the Google Play Store app in Devicetap, open the profile icon in the top corner of Screen Select and manage your apps and devices from available menu under updates. If so, tap on the updated tap and tap (Open and open) to launch the latest version of Chrome
Outmart hackers trying to steal your identity
Three additional ways to protect your privacy
While Chrome updates require fixing vulnerabilities, below are some security tips you can follow to further enhance your privacy and security.
1) Have powerful antivirus software: Hackers often have access to your device by sending infected emails and documents or by clicking on the link to download malware. This can avoid all this by installing powerful antivirus software that detects potential threats before taking over your device. Get the best 2025 Antivirus Protection Winners picks for Windows, Mac, Android and iOS devices.
2) Enabling 2-Factor Authentication (2FA): Many online accounts, including Google, offer 2-Factor Authentication as an additional security measure. Enabling 2FA will require validation of the second form, such as the code sent to your phone, even if the hacker obtains the password. This simple step significantly reduces the possibility of unauthorized access.
3) Use a secure password manager: Strong passwords are important, but remembering multiple complex passwords can be difficult. Password manager generates, stores and automates strong passwords for your account, reducing the risk of password-related breach. Don’t use the same password on different sites and always choose a unique password for a long time. For more information about my best expert reviewed password managers of 2025, click here.
Important points of cart
This case serves as a further reminder that even the safest systems are never truly immortal, especially when state-backed or highly skilled actors exist. While Google’s quick response is admirable, it also highlights the never-ending cat and mouse game between security teams and cybercriminals. If you are using Chrome, please update it now.
Do you think Google is doing enough to protect users from security threats? Please let us know by writing to cyberguy.com/contact.
For more information about my tech tips and security alerts, head to cyberguy.com/newsletter and subscribe to our free Cyberguy Report newsletter.
Please ask your cart or tell us what stories you would like us to cover.
Follow your cart on his social channels:
Answers to the most accused Cyber Guy questions:
New from Cart:
Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.
