DMR News


Google Acts Quickly to Patch Chrome Vulnerability Exploited in Russian Phishing Attacks

By Hilary Ong

Mar 31, 2025


Google has announced an emergency patch to fix a critical vulnerability in its Chrome browser. Hackers used this vulnerability to distribute spyware across Russian users’ phones. The bug, CVE-2025-2783, which is really bad, exists at the intersection of Google Chrome’s sandbox and Microsoft Windows. The sandbox is a security measure designed to contain malicious software. The vulnerability is a logic flaw that cybercriminals could exploit.

The fix, emergency patch version 134.0.6998.178, was deployed Tuesday and closes the security hole. This quick move follows Kaspersky’s identification of the threat and subsequent disclosure of it to Google just last week. Kaspersky’s findings revealed that the hackers targeted Russian users by sending phishing emails to media outlets, educational institutions, and government organizations.

The phishing emails encouraged recipients to register for the Primakov Readings, an international political and economic gathering set to take place in Moscow this coming June. The emails included tailored links that led to the recipient’s system being compromised once clicked.

“In mid-March 2025, Kaspersky detected a wave of infections triggered when users clicked personalized phishing links delivered via email,” – Kaspersky

“After clicking, no additional action was needed to compromise their systems.” – Kaspersky

“The malicious links were extremely short-lived to evade detection, and in most cases ultimately redirected to the legitimate website for ‘Primakov Readings’ once the exploit was taken down,” – Kaspersky

Kaspersky’s Discovery and Findings

The peculiar technical sophistication of this attack points to highly skilled actors who may have had superior resources at their disposal. Kaspersky said they would be releasing more information about the spyware once most users have had a chance to install the patch. At the same time, Microsoft is developing a patch for its Edge browser, which, like Chrome, is based on the same Chromium engine.

“The technical sophistication displayed here indicates development by highly skilled actors with substantial resources. We strongly advise all users to update their Google Chrome and any Chromium-based browser to the latest version to protect against this vulnerability,” – Boris Larin, Kaspersky security researcher

It is further believed that the attack utilized a second zero-day vulnerability in Chrome. The overriding focus is still on getting users to update their browsers as soon as possible to shut down this attack chain.

“Fortunately, patching the vulnerability used to escape the sandbox effectively blocks the entire attack chain” – Kaspersky

What The Author Thinks

The rapid identification and patching of this vulnerability show the vital importance of keeping software up-to-date, as cybercriminals are continuously finding new ways to exploit even the most secure systems. Users should take these warnings seriously and ensure that their browsers are updated immediately to avoid falling prey to similar attacks in the future.

