Google Chrome security flaw could have let hackers spy on all your online habits

Google Chrome has patched its first zero-day flaw of the year
The bug allowed cyber-espionage, primarily against targets in Russia
Kaspersky researchers thanked for finding bug, and users told to update now

Google has fixed a high-severity zero-day vulnerability in its Chrome browser that was being exploited in the wild.

In a security advisory, the company described the bug as an “incorrect handle provided in unspecified circumstances in Mojo on Windows”.

The flaw is tracked as CVE-2’25-2783, and it’s yet to be given a severity score. Google just lists it as “high” in its advisory. It was fixed with version 134.0.6998.178 that already rolled out, so make sure to double-check if you’ve already received it.

Operation ForumTroll

The company did not detail who the attackers, or the victims, are, and just said it will restrict access to bug details and links until the majority of users update their browsers. It did, however, thank two Kaspersky researchers – Boris Larin and Igor Kuznetsov, for uncovering the flaw.

In a separate report, Kaspersky said the vulnerability was being used to escape the browser’s sandbox and deploy malware against targets in Russia.

The researchers spotted it while investigating a “spike in infections” from a previously unknown malware strain, Cyberinsider reported.

The campaign involves phishing, redirecting victims to primakovreadings[dot]info. The entire campaign was dubbed Operation ForumTroll and apparently, the goal is to conduct cyber-espionage.

Kaspersky also said Operation ForumTroll attackers also used a separate vulnerability to enable remote code execution on compromised endpoints. However, patching the Chrome flaw breaks the entire infection chain.

”While research is still ongoing, but judging by the functionality of the sophisticated malware used in the attack, Kaspersky says the attackers’ goal was likely espionage,” Kaspersky said.

“The malicious emails contained invitations supposedly from the organizers of a scientific and expert forum, ‘Primakov Readings,’ targeting media outlets, educational institutions and government organizations in Russia. Based on the content of the emails, we dubbed the campaign Operation ForumTroll.”

https://cdn.mos.cms.futurecdn.net/8Mw3Yhi8NZMR44GH526arM-1200-80.jpg

Source link

Quordle hints and answers for Saturday, April 4 (game #1531)

NYT Connections hints and answers for Saturday, April 4 (game #1028)

NYT Strands hints and answers for Saturday, April 4 (game #762)

Dell packs full desktop performance into a palm-sized device that’s powered entirely through a single USB-C connection

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

‘Love on the Spectrum’ Renewed At Netflix For Season 5

Jonathan Majors Falls Through Window of Daily Wire Movie Set

Love on the Spectrum Season 5 Renewal, Connor Tomlinson Exits

Michael B. Jordan Nephew, Niece for Netflix Swapped TikTok Video

Why the eurozone growth hit may be more severe this time

Trump administration can’t make colleges provide race-related data, judge rules

Canberra urges Easter travel as fuel shortages hit rural Australia

Sloan, Spyre Therapeutics CMO, sells $397k in shares

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Google Chrome security flaw could have let hackers spy on all your online habits

‘Love on the Spectrum’ Renewed At Netflix For Season 5

Why the eurozone growth hit may be more severe this time

Jonathan Majors Falls Through Window of Daily Wire Movie Set

Trump administration can’t make colleges provide race-related data, judge rules