Through this vulnerability, attackers can overcome the sandbox protection mechanism - a filter created by Google to control, manage, and prevent new websites from being highly ranked in the results page of the Google search engine.
detected by Kaspersky's Global Research and Analysis Team (GReAT), this vulnerability does not require users to perform any action other than clicking on malicious links, and this is an extremely complex, sophisticated vulnerability. That is why Kaspersky researchers have been recognized by Google for their discovery and reporting of this vulnerability.
In mid-March 2025, Kaspersky discovered an infection wave that occurred when users clicked on personalized and email fraudulent links. After clicking on the link, the user's system is immediately hacked, even if that person does not perform any additional operations.
After analyzing and confirming that the attack was exploiting an undetectable vulnerability in the latest version of Chrome, Kaspersky immediately alerted Google's security team. The security patch for this vulnerability has just been released recently.
Kaspersky named the campaign Operation ForumTroll, because the attackers used the form of sending emails inviting victims to attend the Primakov Readings forum to commit fraud. More specifically, toxic links only exist for a short time to avoid detection. And in most cases, the links will be directed to the legitimate Primakov Readings website to hide traces after the fraud is completed.
Boris Larin, Head of Security researchers at Kaspersky's GReAT, said the vulnerability was more dangerous than the dozens of zero-day vulnerabilities we have discovered over the years. The attacker exploited this vulnerability to bypass Chrome's sandbox protection mechanism without performing any obvious acts, as if the browser's security system had almost disappeared.
Kaspersky security experts recommend implementing the following measures to protect against similar complex threats:
- Timely software update: Always update the operating system and web browser, especially Google Chrome, to avoid cybercrime attacks through new security vulnerabilities.
- Apply a multi-layered security model: In addition to endpoint protection, users should consider using solutions such as Next XDR Expert, applying artificial intelligence and machine learning to analyze and measure the correlation of data, thereby automatically detecting and responding to advanced threats and APT campaigns.
- Using the latest forecast information such as Kaspersky Threat Intelligence, it helps update zero-day vulnerabilities and the latest attack techniques.
