Google has confirmed an active attack targeting Chrome users, with hackers leveraging generative AI models such as ChatGPT, Copilot, and DeepSeek to develop malware capable of extracting sensitive information, including login credentials and financial data.
The Growing Threat Landscape
Warnings about malicious email links are becoming increasingly frequent, as traditional security measures struggle to keep up with AI-driven threats. Despite these advances, cyberattacks still require user interaction—such as clicking a link—to be successful. The latest attack exploits a critical Chrome vulnerability, prompting Google to release an urgent update for Windows users.
“Google is aware of reports that an exploit (a piece of code, software, or technique that takes advantage of a vulnerability) for CVE-2025-2783 is being used in real-world attacks,” the company stated on Tuesday.
Update Your Browser Now
Chrome for Windows has been updated to version 134.0.6998.177/.178, which will roll out in the coming days or weeks. However, users can manually check for updates to install the fix immediately. Once downloaded, restarting the browser is crucial to apply the security patch.
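For administrators checking many machines at once, the following added example (not from the original article or from Google) audits an inventory export against the fixed build 134.0.6998.177 and separates hosts that still need the update from hosts that have it installed but have not restarted the browser. The CSV column names, host names, status labels and sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Lowest fixed Windows build named in the article (134.0.6998.177/.178).
PATCHED = (134, 0, 6998, 177)

# Constructed sample inventory; the column layout is an assumption of this example.
SAMPLE_INVENTORY = """host,os,installed_version,running_version
ws-01,Windows,134.0.6998.178,134.0.6998.178
ws-02,Windows,134.0.6998.177,134.0.6998.117
ws-03,Windows,133.0.6943.142,133.0.6943.142
ws-04,Windows,134.0.6998.178,
mac-01,macOS,134.0.6998.88,134.0.6998.88
ws-05,Windows,unknown,
"""

def parse_version(text):
    """Return a 4-part integer tuple, or None if text is not a Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(row):
    """Map one inventory row to a remediation status."""
    if row["os"].strip().lower() != "windows":
        return "not-applicable"  # the flaw and the patch are Windows-only
    installed = parse_version(row["installed_version"])
    if installed is None:
        return "unknown"  # unparseable data needs a manual check
    if installed < PATCHED:
        return "needs-update"
    running_text = row["running_version"].strip()
    if not running_text:
        return "patched"  # browser not running; next launch uses the fixed build
    running = parse_version(running_text)
    if running is None:
        return "unknown"
    # Fix is on disk, but the old build is still loaded until Chrome restarts.
    return "needs-restart" if running < PATCHED else "patched"

def audit(csv_text):
    """Return {host: status} for every row in the CSV text."""
    return {r["host"]: classify(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```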
What to Watch Out For
The attack was first identified by Kaspersky, which discovered a wave of infections caused by an unknown, highly sophisticated malware strain.
- How the attack works: Victims receive a highly personalized phishing email containing a malicious link. Once clicked, Chrome opens, and the infection occurs instantly—without requiring any further action from the user.
- Technical findings: Kaspersky’s researchers analyzed the exploit, reverse-engineered its logic, and reported the zero-day vulnerability to Google. The exploit bypassed Chrome’s security protections seamlessly, making it particularly concerning.
The Nature Of The Attack
According to Kaspersky, a logical error in the interface between Chrome’s sandbox and the Windows operating system was responsible for the vulnerability. As a result, this attack and the subsequent patch apply only to Windows users.
Kaspersky also suggests that the attack is likely espionage-driven, targeting media, educational institutions, and state organizations—primarily in Russia. The level of sophistication indicates the involvement of a state-sponsored hacking group.
“The exploit was designed to work alongside a second exploit that enables remote code execution. Unfortunately, we have not yet obtained this second exploit, as doing so would require waiting for another wave of attacks—putting users at risk,” Kaspersky reported.
Next Steps For Users
While Google has patched the first exploit, the second exploit remains a concern. The risk of further attacks persists, making user vigilance critical.
- Update Chrome immediately to the latest version.
- Avoid clicking on suspicious links—especially those in emails.
- Enable automatic updates to ensure future security patches are installed promptly.
Final Thoughts
This security incident comes at a challenging time for Google, following Microsoft’s recent claim that Edge offers better protection than Chrome. However, Google’s swift response with an urgent update is commendable. Now, it is up to users to ensure they install the fix and stay cautious against emerging threats.