{"id":351349,"date":"2025-10-30T00:30:00","date_gmt":"2025-10-30T07:30:00","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/es\/?p=400437"},"modified":"2025-10-30T01:01:25","modified_gmt":"2025-10-30T08:01:25","slug":"a-vulnerability-in-google-chrome-has-exposed-millions-of-users","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/a-vulnerability-in-google-chrome-has-exposed-millions-of-users\/","title":{"rendered":"A vulnerability in Google Chrome has exposed millions of users"},"content":{"rendered":"\n<p>The vulnerability CVE-2025-2783, which has a CVSS score of 8.3, has been actively exploited in a campaign called Operation ForumTroll, targeting organizations in Russia.<strong> According to research by Kaspersky, this vulnerability, which allows sandbox evasion in Google Chrome, was used to distribute the spyware LeetAgent, developed by Memento Labs<\/strong>.<\/p>\n\n\n<h2 class=\"wp-block-heading\">A spyware with great potential to cause harm<\/h2>\n\n\n<p>The operation involved sending phishing emails with customized links that, when opened in Google Chrome or Chromium-based browsers, triggered the exploitation of the vulnerability. <strong>These attacks were directed at media outlets, universities, research centers, and governments, with the main objective of carrying out espionage activities<\/strong>.<\/p>\n\n\n<p>Memento Labs, an Italian technology and IT services company, <strong>has been under the radar since its formation in 2019, following the merger of InTheCyber Group and HackingTeam<\/strong>. The latter, known for selling intrusion and surveillance capabilities to governments, had suffered a hack in 2015 that exposed multiple tools and exploits.<\/p>\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"APT attack with Google Chrome zero-day exploit chain | Operation ForumTroll\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/fNOsplrmh0Q?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n<p>The APT group ForumTroll, which appears to be linked to another actor known as TaxOff, shows proficiency in Russian, although not all attackers are native speakers. <strong>This suggests a targeted and not indiscriminate approach in their operations<\/strong>. It has been observed that the spyware Dante, which replaces RCS, is used within this chain of attacks, offering advanced protections against analysis.<\/p>\n\n\n<p>Although the full extent of these attacks has not yet been completely determined, it is evident that the use of phishing techniques, as well as the connection between different tools and groups, raises serious concerns about cybersecurity in the region. <strong>Experts suggest that this is just the latest of several incidents associated with these malicious actors<\/strong>.<\/p>\n\n<div class=\"sc-card-program\">\r\n  <div class=\"sc-card-program__body\">\r\n    <div class=\"sc-card-program__row clearfix\">\r\n      <div class=\"sc-card-program__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-program__img\" alt=\"Avast Free Antivirus\" src=\"https:\/\/images.sftcdn.net\/images\/t_app-icon-s\/p\/2d9f9134-96d0-11e6-bf8f-00163ec9f5fa\/1408299994\/avast-Avast_Symbol_V2_Positive_Orange_256x256.png\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-title\">\r\n        <span class=\"sc-card-program__title\">Avast Free Antivirus<\/span>\r\n        <a class=\"sc-card-program__button sc-card-program-internal\" href=\"https:\/\/avast.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\">DOWNLOAD<\/a>\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-rating\">\r\n        <svg class=\"rating-score__content\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.1\" x=\"0\" y=\"0\" viewbox=\"0 0 50 50\" enable-background=\"new 0 0 50 50\" xml:space=\"preserve\"><path class=\"rating-score__background rating-score--good\" fill=\"none\" stroke-width=\"6\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><path class=\"rating-score__value rating-score__value--0\" fill=\"none\" stroke-width=\"6\" stroke-dashoffset=\"0\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><text class=\"rating-score__number\" content=\"\" text-anchor=\"middle\" transform=\"matrix(1 0 0 1 25 31.0837)\" data-auto=\"app-user-score\"><\/text><\/svg>\r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <span class=\"sc-card-program__description\"><\/span>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <img decoding=\"async\" class=\"sc-card-program__bigpic\" src=\"\" onerror=\"this.style.display='none'\">\r\n    <\/div>\r\n    <a class=\"sc-card-program__link track-link sc-card-program-internal\" href=\"https:\/\/avast.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\"><\/a>\r\n  <\/div>\r\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The vulnerability CVE-2025-2783, which has a CVSS score of 8.3, has been actively exploited in a campaign called Operation ForumTroll, targeting organizations in Russia. According to research by Kaspersky, this vulnerability, which allows sandbox escape in Google Chrome, was used to distribute the spyware LeetAgent, developed by Memento Labs. A spyware with great potential to cause harm The operation involved sending phishing emails with customized links that, when opened in Google Chrome or Chromium-based browsers, triggered the exploitation of the vulnerability. These attacks were targeted [&#8230;]<\/p>\n","protected":false},"author":9318,"featured_media":351350,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015,11143],"tags":[17798,17799,1045,1472,17800,17801,17802,3808],"usertag":[],"vertical":[],"content-category":[7176],"class_list":["post-351349","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-softwaresecurity","tag-ciber-seguridad","tag-cracking","tag-google-chrome","tag-hacking","tag-leeagent","tag-memento-labs","tag-operacion-forumtroll","tag-seguridad","content-category-seguridad-privacidad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/351349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9318"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=351349"}],"version-history":[{"count":2,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/351349\/revisions"}],"predecessor-version":[{"id":351365,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/351349\/revisions\/351365"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/351350"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=351349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=351349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=351349"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=351349"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=351349"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=351349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}