Chrome Zero-Days & Firefox Malware: Emergency Browser Updates Critical

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

• Security researchers identified GhostPoster malware embedded within 17 malicious Firefox add-ons, which collectively accumulated over 50,000 downloads.
• The malware was designed to manipulate social media platforms and engage in various ad fraud activities, compromising user data and platform integrity.
• Firefox has since removed these compromised extensions from its store, but users who installed them must manually remove them from their browsers.

Source: The Hacker News | Date: December 17, 2025

Operation ForumTrol Exploits Chrome Zero-Day in New Phishing Campaign

• Operation ForumTrol, a known sophisticated threat actor group, is actively exploiting a Chrome zero-day vulnerability in its latest phishing campaign.
• The campaign employs novel phishing techniques, shifting focus to client-side exploitation to facilitate user compromise and data exfiltration.
• Users are urged to exercise extreme caution with suspicious emails and ensure their browsers are patched to the latest versions to mitigate against this active threat.

Source: CyberSecurityNews | Date: December 17, 2025

Chrome Zero-Day Vulnerabilities Exploited Throughout 2025

• Google Chrome has consistently faced multiple zero-day exploits throughout 2025, primarily targeting its core components like the V8 JavaScript engine and WebKit rendering engine.
• These vulnerabilities have been actively exploited in the wild by various threat actors, including state-sponsored groups and sophisticated cybercriminal organizations.
• The ongoing exploitation trend underscores the critical importance of prompt patching and maintaining a robust browser security posture to defend against advanced persistent threats.

Source: CyberSecurityNews | Date: December 17, 2025

Chrome Security Update Patches Critical Remote Code Execution Flaws

• Google has released a crucial security update for Chrome to address several critical vulnerabilities, including flaws that could lead to remote code execution (RCE).
• These RCE vulnerabilities enable attackers to execute arbitrary code within the user's browser context, potentially leading to full system compromise.
• All Chrome users are strongly advised to update their browsers immediately to the latest patched version to protect against these high-severity risks.

Source: CyberSecurityNews | Date: December 17, 2025

Google Chrome Emergency Update Fixes High-Severity Memory Corruption in WebGPU and V8

• Google issued an emergency security update for Chrome, addressing high-severity memory corruption vulnerabilities found in its WebGPU and V8 JavaScript engine components.
• These specific flaws could be exploited to achieve arbitrary code execution or facilitate information disclosure within the browser environment.
• Users should update their Chrome browsers to version 120.0.6099.109 or later, which includes the necessary fixes for these critical security issues.

Source: SecurityOnline.info | Date: December 17, 2025

References

1. GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads - The Hacker News
2. Operation ForumTrol Known for Exploiting Chrome 0-Day Attacking Users With New Phishing Campaign - CyberSecurityNews
3. Chrome Zero-Day Vulnerabilities Exploited in 2025 – A Comprehensive Analysis - CyberSecurityNews
4. Chrome Security Update – Patch for Critical Vulnerabilities that Enables Remote Code Execution - CyberSecurityNews
5. Google Chrome Emergency Update: High-Severity Memory Corruption Flaws Fixed in WebGPU and V8 - SecurityOnline.info