wiredmikey shares a report from SecurityWeek: Google late Tuesday rushed out a patch for a sandbox escape vulnerability in its flagship Chrome browser after researchers at Kaspersky caught a professional hacking operation launching drive-by download exploits. The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in what appears to be a nation-state sponsored cyberespionage campaign [dubbed Operation ForumTroll] targeting organizations in Russia.

Kaspersky said it detected a series of infections triggered by phishing emails in the middle of March and traced the incidents to a zero-day that fired when victims simply clicked on a booby-trapped website from a Chrome browser. The Russian anti-malware vendor said victims merely had to click on a personalized, short-lived link, and their systems were compromised when the malicious website was opened in Chrome. Kaspersky said its exploit detection tools picked up on the zero-day, and after reverse-engineering the code, the team reported the bug to Google and coordinated the fix released on Tuesday.

[ Read more of this story ]( https://slashdot.org/story/25/03/26/0143210/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.