Chrome Zero-Day Exploited by Commercial Spyware in Nation-State Attacks

Chrome zero-day CVE-2025-2783 exploited by commercial spyware "Dante" in Operation ForumTroll targeting Russian and Belarus entities.

By Content Team

Oct 28, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Kaspersky researchers discovered that a Chrome zero-day vulnerability (CVE-2025-2783) was exploited earlier this year using commercial spyware called "Dante" from Memento Labs. The attacks, part of "Operation ForumTroll," targeted government and private entities in Russia and Belarus through personalized phishing emails.

Memento Labs is the successor to Hacking Team, which was compromised in 2015 but relaunched in 2019. The sophisticated exploit bypassed Chrome's sandbox protections by exploiting an obscure Windows quirk involving "pseudo handles" - a decades-old optimization that became a security vulnerability.

This case highlights how commercial spyware vendors are driving zero-day attacks against major tech companies. Google has patched the flaw, but researchers warn similar vulnerabilities may exist in other applications.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

574 Arrested in Major African Cybercrime Crackdown

Dec 25, 2025

Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrested

Jan 10, 2026

Massive Supply Chain Attack on Trivy Tool Threatens Thousands of Organizations

Mar 25, 2026

Cyber Fraud Now Top CEO Fear, Overtaking Ransomware Threat

Jan 14, 2026