TZUTC: -0500   
   MSGID: 689.consprcy@1:2320/105 2c4a9e3c   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Google Chrome security flaw could have let hackers spy on all your online   
   habits   
      
   Date:   
   Wed, 26 Mar 2025 13:03:00 +0000   
      
   Description:   
   A new Google Chrome bug was being used to spy on businesses.   
      
   FULL STORY   
      
   Google has fixed a high-severity zero-day vulnerability in its Chrome browser   
   that was being exploited in the wild.    
      
   In a security advisory, the company described the bug as an incorrect handle   
   provided in unspecified circumstances in Mojo on Windows.    
      
   The flaw is tracked as CVE-225-2783, and its yet to be given a severity    
   score. Google just lists it as high in its advisory. It was fixed with    
   version 134.0.6998.178 that already rolled out, so make sure to double-check   
   if youve already received it.    
      
   Operation ForumTroll   
      
   The company did not detail who the attackers, or the victims, are, and just   
   said it will restrict access to bug details and links until the majority of   
   users update their browsers. It did, however, thank two Kaspersky researchers   
   - Boris Larin and Igor Kuznetsov, for uncovering the flaw.    
      
   In a separate report, Kaspersky said the vulnerability was being used to   
   escape the browsers sandbox and deploy malware against targets in Russia.    
      
   The researchers spotted it while investigating a "spike in infections" from a   
   previously unknown malware strain, Cyberinsider reported .    
      
   The campaign involves phishing, redirecting victims to   
   primakovreadings[dot]info. The entire campaign was dubbed Operation    
   ForumTroll and apparently, the goal is to conduct cyber-espionage.    
      
   Kaspersky also said Operation ForumTroll attackers also used a separate   
   vulnerability to enable remote code execution on compromised endpoints.   
   However, patching the Chrome flaw breaks the entire infection chain.    
      
   "While research is still ongoing, but judging by the functionality of the   
   sophisticated malware used in the attack, Kaspersky says the attackers' goal   
   was likely espionage," Kaspersky said.    
      
   "The malicious emails contained invitations supposedly from the organizers of   
   a scientific and expert forum, 'Primakov Readings,' targeting media outlets,   
   educational institutions and government organizations in Russia. Based on the   
   content of the emails, we dubbed the campaign Operation ForumTroll."   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/google-chrome-security-flaw-could-have-   
   let-hackers-spy-on-all-your-online-habits   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426