Google has released a patch for a critical zero-day vulnerability in its Chrome browser for Windows, which was being exploited by malicious hackers in the wild. The bug, tracked as CVE-2025-2783, was discovered by researchers at security firm Kaspersky earlier this month.

The vulnerability was exploited as part of a hacking campaign, dubbed "Operation ForumTroll," which targeted Windows computers running Chrome. The campaign involved phishing emails inviting victims to a Russian global political summit, and when a link in the email was clicked, victims were taken to a malicious website that immediately exploited the bug to gain access to the victim's PC data.

According to Kaspersky, the bug allowed attackers to bypass Chrome's sandbox protections, which limit the browser's access to other data on the user's computer. This means that the attackers could potentially steal sensitive data from the victim's device. The bug affects not only Chrome but also other browsers based on Google's Chromium engine.

Kaspersky's analysis suggests that the bug was likely used in an espionage campaign, designed to stealthily monitor and steal data from a target's device over a period of time. The hackers sent personalized phishing emails to Russian media representatives and employees at educational institutions, indicating a targeted and sophisticated attack.

It's unclear who was exploiting the bug, but Kaspersky attributes the campaign to a likely state-sponsored or government-backed group of hackers. This is not surprising, given that browsers like Chrome are a frequent target for malicious hackers and government-backed groups. Zero-day bugs capable of breaking through their protections and into the victim's sensitive device data can be sold at high prices, with some zero-day brokers offering up to $3 million for exploitable bugs that can be triggered from over the internet.

Google has confirmed that Chrome updates will roll out over the coming days and weeks, and users are advised to update their browsers as soon as possible to protect themselves from potential attacks. The patching of this critical vulnerability is a timely reminder of the importance of keeping software up to date and being vigilant against phishing attacks.

The discovery and patching of this zero-day bug highlight the ongoing cat-and-mouse game between security researchers, software vendors, and malicious hackers. As the threat landscape continues to evolve, it's essential for users to remain informed and take proactive steps to protect themselves from potential threats.