1. Forum
  2. FidoNet
  3. CONSPRCY

  • Chrome flaw could let hac

    From Mike Powell@1:2320/105 to All on Thu Mar 27 09:44:00 2025
    Google Chrome security flaw could have let hackers spy on all your online habits

    Date:
    Wed, 26 Mar 2025 13:03:00 +0000

    Description:
    A new Google Chrome bug was being used to spy on businesses.

    FULL STORY

    Google has fixed a high-severity zero-day vulnerability in its Chrome browser that was being exploited in the wild.

    In a security advisory, the company described the bug as an incorrect handle provided in unspecified circumstances in Mojo on Windows.

    The flaw is tracked as CVE-225-2783, and its yet to be given a severity
    score. Google just lists it as high in its advisory. It was fixed with
    version 134.0.6998.178 that already rolled out, so make sure to double-check
    if youve already received it.

    Operation ForumTroll

    The company did not detail who the attackers, or the victims, are, and just said it will restrict access to bug details and links until the majority of users update their browsers. It did, however, thank two Kaspersky researchers
    - Boris Larin and Igor Kuznetsov, for uncovering the flaw.

    In a separate report, Kaspersky said the vulnerability was being used to
    escape the browsers sandbox and deploy malware against targets in Russia.

    The researchers spotted it while investigating a "spike in infections" from a previously unknown malware strain, Cyberinsider reported .

    The campaign involves phishing, redirecting victims to primakovreadings[dot]info. The entire campaign was dubbed Operation
    ForumTroll and apparently, the goal is to conduct cyber-espionage.

    Kaspersky also said Operation ForumTroll attackers also used a separate vulnerability to enable remote code execution on compromised endpoints. However, patching the Chrome flaw breaks the entire infection chain.

    "While research is still ongoing, but judging by the functionality of the sophisticated malware used in the attack, Kaspersky says the attackers' goal was likely espionage," Kaspersky said.

    "The malicious emails contained invitations supposedly from the organizers of
    a scientific and expert forum, 'Primakov Readings,' targeting media outlets, educational institutions and government organizations in Russia. Based on the content of the emails, we dubbed the campaign Operation ForumTroll."

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-chrome-security-flaw-could-have- let-hackers-spy-on-all-your-online-habits

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)