Vulnerability was used in phishing attacks.
Google has issued out-of-band updates to remediate a high-severity zero-day vulnerability in Chrome for Windows.
Tracked as CVE-2025-2783, it has already been leveraged in cyberespionage intrusions against Russian organisations, The Hacker News reports. Government agencies, educational entities, and media organisations across Russia have been targeted with attacks involving the zero-day.
According to Kaspersky researchers, the attacks begin with phishing emails purporting to be from organisers of the Primakov Readings forum. These emails include short-lived links that facilitate immediate compromise when opened in the Chrome browser.
"All the attack artifacts analysed so far indicate high sophistication of the attackers, allowing us to confidently conclude that a state-sponsored APT group is behind this attack," said researchers.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.