Google has recently addressed a high-severity vulnerability in its Chrome web browser that could potentially allow attackers to exploit user data through a flaw in the Loader component. This vulnerability, identified as CVE-2025-4664, poses a significant risk of account takeover if successfully exploited.

Key Takeaways

• Vulnerability Identified: CVE-2025-4664 allows remote attackers to leak cross-origin data.

• Public Exploit: Google confirmed that an exploit for this vulnerability exists in the wild.

• Immediate Updates Recommended: Users are urged to update their Chrome browsers to the latest versions to mitigate risks.

Understanding The Vulnerability

The vulnerability stems from insufficient policy enforcement in Chrome's Loader component, which is responsible for handling resource requests. Security researcher Vsevolod Kokorin discovered that the Link header in sub-resource requests can be manipulated to set a referrer-policy that captures sensitive query parameters.

• How It Works: Unlike other browsers, Chrome resolves the Link header on sub-resource requests, which can lead to the exposure of sensitive data.

• Potential Risks: Query parameters often contain sensitive information, such as OAuth tokens, which can lead to full account takeovers if intercepted.

Google’s Response

In response to the discovery, Google has rolled out emergency security updates for Chrome users. The patched versions are:

• Windows/Linux: 136.0.7103.113

• macOS: 136.0.7103.114

Users are encouraged to check for updates manually or allow Chrome to update automatically upon the next launch. This proactive measure is crucial, especially since the vulnerability has been linked to potential active exploitation.

Previous Vulnerabilities

This incident follows another high-severity zero-day vulnerability (CVE-2025-2783) that was exploited to deploy malware in targeted attacks. Google has been actively addressing security flaws, having patched multiple zero-days in the past year, highlighting the ongoing challenges in browser security.

Recommendations For Users

To protect against potential threats from this vulnerability, users should:

1. Update Chrome: Ensure that your browser is updated to the latest version.

2. Monitor Accounts: Keep an eye on account activity for any unauthorized access.

3. Be Cautious: Avoid clicking on suspicious links or downloading unverified content.

The discovery of CVE-2025-4664 underscores the importance of maintaining up-to-date software to safeguard against emerging threats. As cyber threats continue to evolve, users must remain vigilant and proactive in securing their online presence. Google’s swift action in addressing this vulnerability is a reminder of the ongoing battle between security researchers and cybercriminals.

As cyber threats grow more sophisticated, staying informed is more important than ever. BetterWorld Technology delivers advanced cybersecurity solutions designed to adapt with the threat landscape—ensuring your business stays protected while continuing to innovate. Take the first step toward stronger security—contact us today for a consultation!

Sources

• Google fixes high severity Chrome flaw with public exploit, BleepingComputer.

• New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy, The Hacker News.