Introduction

Google has recently confirmed and patched a critical security flaw in its Chrome browser, tracked as CVE-2025-4664. This vulnerability has raised concerns among cybersecurity professionals and web users alike as it allows attackers to exploit Chrome’s Loader referrer policy to leak sensitive cross-origin data. With active exploitations already observed in the wild, the urgency to update to Chrome version 136.0.7103.113 (or later) cannot be overstated. In this article, we’ll explore how the vulnerability works, its potential risks, and the steps required to secure your browser immediately.

How Does CVE-2025-4664 Work?

At the core of this vulnerability lies a weakness in the enforcement of policies within the Loader component of Chrome. According to the CVE description, the issue enables an attacker to craft an HTML page that manipulates the Link header on sub-resource requests. This exploitation allows the attacker to specify an unsafe referrer policy and thereby leak full query parameters from URLs during web browsing.

Specifically, the flaw is due to the way Chrome resolves the Link header on sub-resource requests. As detailed by well-known security researcher Vsevolod Kokorin (@slonser_ on X), the attacker can capture sensitive query parameters embedded within URLs via a third-party image load. These parameters may contain critical information that could facilitate a full account takeover if intercepted by malicious actors.

• Exploit Mechanism: Manipulation of the Link header to force an unsafe referrer policy.
• Data at Risk: Inclusion of sensitive query parameters which could lead to account takeover.
• Technical Detail: The vulnerability stems from insufficient policy enforcement in the Loader component.

Is Your Chrome Browser Vulnerable?

If you are using a version of Chrome prior to 136.0.7103.113, your browser is likely vulnerable to this exploit. To verify your version, follow these simple steps:

1. Open Chrome and navigate to chrome://settings/help.
2. Check the current version of your Chrome browser.
3. If your version is older than 136.0.7103.113, it’s crucial to update immediately.

This vulnerability is not confined to just Google Chrome. Other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are also expected to roll out patches as soon as they can verify a fix.

How to Fix the Vulnerability

The solution is straightforward: update your browser immediately. Google has released the updated versions for Windows and Mac (136.0.7103.113 or .114) and Linux users are recommended to update to version 136.0.7103.113. You can always verify the release details on Google Chrome’s official update page.

For non-Chrome users operating on Chromium-based browsers, keep an eye on your respective vendor’s patch notes and security advisories. Staying informed through official channels ensures that you receive timely updates and protection against similar vulnerabilities.

Broader Implications of the Vulnerability

This vulnerability not only exposes individual users to risk but also contributes to the broader security landscape affecting web applications worldwide. The potential for account takeover and data exfiltration makes this flaw one of the most critical issues faced by Chrome users this year. Notably, CVE-2025-4664 comes shortly after another zero-day vulnerability, CVE-2025-2783, stressing the importance of a proactive approach in browser security.

Enterprises, IT administrators, and cybersecurity professionals must remain vigilant. Regularly reviewing security advisories, implementing browser version controls, and educating users on safe browsing practices are necessary steps in mitigating the risks associated with such vulnerabilities.

Additional Considerations and Best Practices

• Regularly update all software to the latest versions.
• Monitor security blogs and official browser update feeds.
• Consider using security extensions or enterprise-level monitoring tools.

Conclusion & Call-to-Action

The discovery and exploitation of the Chrome vulnerability CVE-2025-4664 serve as a stark reminder of the constant threats evolving in our digital landscape. Immediate action is critical: update your browser to the latest version without delay to safeguard your personal data and mitigate potential security breaches.

Not only does this update protect against cross-origin data leaks, but it also underscores the importance of maintaining up-to-date security practices in all aspects of technology use. For more detailed information about the update and further security advisories, refer to the official Chrome update page and the CVE record.

Action Required: Click the button below to download the latest Chrome update and ensure your system remains secure.

Download Chrome Update

Stay safe and keep your digital environment secure!