Kaspersky Unmasks Chrome Zero-Day Used for Spyware
Kaspersky researchers have uncovered a sophisticated cyberespionage operation leveraging a critical zero-day vulnerability in Google Chrome, tracked as CVE-2025-2783. In a report published Tuesday, Kaspersky unmasks the Chrome zero-day as a remote code execution flaw exploited in a targeted campaign dubbed “ForumTroll.”
The attackers delivered commercial spyware linked to the Italian firm Memento Labs through this exploit. According to the report, victims were infected after visiting compromised websites, triggering the download and execution of the surveillance tool. The campaign reflects a growing trend of advanced persistent threats using zero-days to distribute commercial surveillance software.
Kaspersky unmasks the Chrome zero-day as part of a broader investigation into the ForumTroll campaign, which also involved several other vulnerabilities, including CVE-2025-10680, CVE-2025-11371, CVE-2025-54253, CVE-2025-2857, and CVE-2025-27915.
To explore more about the findings and technical details, read the full report at the official source below: