Google said she has arranged a weakness in her Chrome browser for Windows that malicious hackers used to enter the victims’ computers.
In a brief note on Tuesday, Google said he fixed the vulnerability, followed as CVE-2015-2783, which was discovered by researchers at Kaspersky security firm earlier this month.
Google said it was aware of reports that a bug use “exists in nature”. The bug is referred to as a zero day because the seller-in this case, Google-was not given time to fix the error before it was used.
According to Kaspersky, the mistake was used as part of a hacked campaign aimed at the Windows computers running Chrome.
In a blog post, Kaspersky called the Operation Forumroll campaign, and said the victims were targeted by a phishing email inviting them to a Global Russian political summit. When an email was clicked, the victims were sent to a malicious website that immediately uses the error to gain access to the victim’s PC data.
Kaspersky gave little detail about the error in the chrome piece, but said the mistake allowed the attackers to bypass the Chrome sandbox protections, which limit the browser’s input to other data on the user’s computer. Kaspersky said the error affects all other browsers based on Google’s Chromium engine.
In a particular analysis, Kaspersky said the error is likely to be used in a spy campaign, usually created to secretly monitor and stole data from equipping a target, usually for a period of time. The Russian -based security firm said hackers sent personalized email to Russian media representatives and employees in educational institutions.
It is unclear who was using the mistake, but Kaspersky attributed the campaign to a possible state -sponsored group or government -backed group.
Browsers like chrome are a frequent target for malicious hackers and government -backed groups. Errors with zero days capable of violating their defenses and in the sensitive data of the victim’s device can be sold at high prices. In 2024, a Zero Day broker was offering up to $ 3 million for exploitative errors that could be driven by the Internet.
Google said Chrome’s updates will emerge over the coming days and weeks.
