Insufficient Policy Enforcement in Google Chrome Affects Cross-Origin Data Security
CVE-2025-4664
What is CVE-2025-4664?
Insufficient policy enforcement in the Loader component of Google Chrome allows a remote attacker to leak cross-origin data via a specially crafted HTML page, potentially compromising user security and privacy. Users are urged to update to the latest version to mitigate this risk.
CISA has reported CVE-2025-4664
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-4664 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Chrome 136.0.7103.113
News Articles
CISA tags recently patched Chrome bug as actively exploited
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser.

Google Chrome Zero-Day Vulnerability (CVE-2025-4664) Actively Exploited in The Wild
Google has rolled out a fresh Stable Channel update for the Chrome browser across desktop platforms, including Windows, Mac, and Linux.

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
Chrome flaw CVE-2025-4664 enables cross-origin data leaks; active exploit confirmed; update to 136.0.7103.113.
Timeline
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by The Hacker News
- Vulnerability published
- Vulnerability Reserved