Things seem to go from bad to worse for Google Chrome, a browser used by billions of people.

Security researchers from Kaspersky and others have revealed that a zero-day vulnerability, exploited before a fix was available and now tracked as CVE-2025-2783, has been weaponized by a threat cluster tied to Mem3nt0 Mori and a surveillance-vendor ecosystem that includes a successor to the notorious Hacking Team.

Details of the Exploit and Operational Attack

According to researchers, the zero-day allows attackers to bypass Chrome’s sandbox protection with minimal user interaction, often as simple as clicking a malicious link. A sandbox bypass on its own does not run code; it lets code already running inside a compromised renderer process escape to the host, which is why such bugs are chained with a renderer exploit. The exploit chain deploys a modular spyware payload that connects to command-and-control servers, downloads additional modules, and self-destructs if no commands are received, all with advanced anti-analysis capabilities.

In the documented campaign, dubbed Operation ForumTroll, the actor reportedly used the exploit alongside toolsets associated with Dante-class spyware, indicating commercial-vendor sophistication and likely access by nation-state-backed entities. Kaspersky attributes the campaign to the cluster it tracks as Mem3nt0 Mori, which used the same vulnerability to deliver spyware to targeted users, demonstrating that the threat was actively exploited rather than theoretical.

Zero-Day Malware and Chrome’s Dominance

Chrome’s dominance, with approximately 70 percent market share, makes the vulnerability exceptionally high-value to adversaries. Analysts note that with billions of users, leaving a browser unpatched is like leaving the front door wide open on a skyscraper.

Moreover, this incident reflects a broader trend: espionage campaigns increasingly rely on zero-day exploits in mainstream products rather than in lesser-known niche software.

According to data from Google’s Threat Analysis Group[1], dozens of zero-day vulnerabilities were exploited in 2024 alone, many targeting browsers and user-facing applications.

Response from Google and What You Should Do

Google has issued an emergency patch to address CVE-2025-2783. Users and administrators are urged to update Chrome immediately and restart their browsers, since the new build is not active until the relaunch. Public advisories warn that failing to patch now equates to an elevated risk of browser-based espionage.

The Google team also reached out to TechJuice to clarify its ongoing efforts to protect user data in connection with the Gmail attack[2] reported some days ago. They said:

We’re seeing this being misrepresented and distorted in coverage… This is ongoing infostealer activity that happens across the web, with attackers employing various tools to harvest credentials – it’s not a single, specific attack aimed at any one person, tool or platform

Tips for protecting yourself and your organisation:

  • Update to the latest Chrome version[3] now by checking via Settings → About Chrome, then relaunch the browser.
  • Restrict or monitor the installation of browser extensions, which are increasingly used as a delivery vector for malicious code.
  • Adopt layered security: enable MFA, use endpoint-level protections, and monitor unusual network behaviour.
  • Apply enterprise-grade sandboxing and traffic-analysis tools, especially if you operate in sectors such as media, government, or defence that appear to be targeted.
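The first tip is easy to check on one machine and easy to get wrong across a fleet. The following is an added Python example, not tooling from TechJuice, Google or Kaspersky, that sorts a host inventory into patched and still-vulnerable builds. The minimum version is an assumption stated as a parameter (confirm it against Google’s stable-channel release notes), and the inventory lines are constructed for the example. The point it shows is that Chrome’s four-part version strings must be compared numerically: as text, “134.0.6998.89” sorts after “134.0.6998.177”.

```python
"""Flag Chrome installs that are below the build that fixes a given CVE.

Added example for this article, not tooling from Google or Kaspersky.
Dotted Chrome versions have four numeric parts, and a plain string compare
gets them wrong ("134.0.6998.89" sorts after "134.0.6998.177" as text),
so the comparison is done on integer tuples.
"""
import re
from typing import Iterable

# Assumed minimum: the stable build Google is understood to have shipped the
# CVE-2025-2783 fix in. Treat as a parameter and confirm against Google's
# release notes before relying on it.
FIXED_VERSION = "134.0.6998.177"

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '134.0.6998.177' into (134, 0, 6998, 177); reject malformed input."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a Chrome version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is at or above the fixing build."""
    return parse_version(installed) >= parse_version(fixed)


def triage_inventory(lines: Iterable[str], fixed: str = FIXED_VERSION) -> dict[str, list[str]]:
    """Split 'hostname,version' inventory lines into patched / vulnerable / unparseable."""
    result: dict[str, list[str]] = {"patched": [], "vulnerable": [], "unparseable": []}
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue  # skip blank lines and the header row
        host, _, version = raw.partition(",")
        try:
            bucket = "patched" if is_patched(version, fixed) else "vulnerable"
        except ValueError:
            bucket = "unparseable"  # inventory agent could not read a version
        result[bucket].append(host)
    return result


# Constructed sample export (hostname,chrome_version); not real data.
SAMPLE_INVENTORY = """
# host,chrome_version
ws-finance-01,134.0.6998.177
ws-finance-02,134.0.6998.89
ws-legal-07,135.0.7049.52
ws-press-03,134.0.6998.178
ws-lab-11,unknown
ws-hr-05,133.0.6943.142
""".splitlines()

if __name__ == "__main__":
    report = triage_inventory(SAMPLE_INVENTORY)
    for bucket, hosts in report.items():
        print(f"{bucket:>11}: {', '.join(hosts) or '-'}")
```

Feed it a real export from your endpoint-management tool in the same hostname,version shape; anything landing in the unparseable bucket deserves a manual look, since a host that cannot report its browser version is not one you can call patched.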

Implications for Enterprises and the Broader Ecosystem

The scale of this exploit elevates browser security from a routine concern to a critical enterprise risk. Organisations should assume that threat actors can exploit unpatched browsers to gain persistent footholds and exfiltrate data at will.

The routine use of zero-day vulnerabilities by commercial spyware vendors has broader implications for supply-chain integrity and data sovereignty.

References

  1. ^ Google’s Threat Analysis Group (blog.google)
  2. ^ Gmail attack (www.techjuice.pk)
  3. ^ latest Chrome version (www.techjuice.pk)

By admin