Google issued out-of-band updates to remediate the high-severity Chrome for Windows zero-day vulnerability, tracked as CVE-2025-2783, which has already been leveraged in cyberespionage intrusions against Russian organizations, The Hacker News reports.
Government agencies, educational entities, and media organizations across Russia have been targeted by attacks involving the zero-day.
The attacks commenced with phishing emails purporting to be from organizers of the Primakov Readings forum.
The emails included short-lived links that facilitated immediate compromise when opened in the Chrome browser, according to Kaspersky researchers, who identified and reported the security issue.
"All the attack artifacts analyzed so far indicate high sophistication of the attackers, allowing us to confidently conclude that a state-sponsored APT group is behind this attack," the researchers said.
Ongoing attacks with the first actively exploited Chrome zero-day this year should also prompt the quick patching of Microsoft Edge, Opera, and other Chromium-based web browsers.