On Wednesday Google released updates to fix four security issues in its Chrome browser, including one for which it said an exploit exists in the wild.
The high severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader.
“Insufficient policy enforcement in Loader in Google Chrome before 136.0.7103.113 allowed a remote attacker to leak data from various origins via a specially crafted HTML page,” according to a description of the flaw.
The tech giant credited security researcher Vsevolod Kokorin (@slonser_) for disclosing the flaw on X on May 5, 2025, adding that it is aware that “an exploit for CVE-2025-4664 exists in the wild.”
“Unlike other browsers, Chrome resolves the link header on subresource requests,” Kokorin said in a series of posts on X earlier this month. “The problem is that the link header can specify a referrer policy. We can specify unsafe-url and capture the full query parameters.”
The researcher added that query parameters can contain sensitive information that could lead to a complete account takeover, and that those query parameters can be leaked via an image loaded from a third-party resource.
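The mechanism Kokorin describes can be checked for from the defensive side. As an added example that is not from the original article or from the researcher, the following Python audit parses captured HTTP response headers and flags Link entries that carry referrerpolicy=unsafe-url, the combination that would hand an embedding page's full URL, query string included, to the linked target on unpatched Chrome; the sample headers are constructed.

```python
import re
from typing import Dict, List


def parse_link_header(value: str) -> List[Dict[str, str]]:
    """Parse an RFC 8288 style Link header into one dict per link-value.

    Each dict holds the target under "url" plus its parameters with
    lower-cased names and values (surrounding quotes removed)."""
    links = []
    # Split on commas that start a new "<url>" link-value
    for part in re.split(r",(?=\s*<)", value):
        m = re.match(r"\s*<([^>]*)>\s*(.*)", part)
        if not m:
            continue
        link = {"url": m.group(1)}
        for param in m.group(2).split(";"):
            param = param.strip()
            if not param:
                continue
            name, _, val = param.partition("=")
            link[name.strip().lower()] = val.strip().strip('"').lower()
        links.append(link)
    return links


def find_unsafe_referrer_preloads(headers: Dict[str, str]) -> List[str]:
    """Return target URLs of Link entries that Chrome would fetch with
    referrerpolicy=unsafe-url, i.e. with the embedding page's complete
    URL (including query parameters) placed in the Referer header."""
    findings = []
    for name, value in headers.items():
        if name.lower() != "link":
            continue
        for link in parse_link_header(value):
            if link.get("referrerpolicy") == "unsafe-url":
                findings.append(link["url"])
    return findings


# Constructed sample responses from two image hosts (not real captures)
SAMPLE_RESPONSES = {
    "cdn-benign": {"Content-Type": "image/png",
                   "Link": "</style.css>; rel=preload; as=style"},
    "cdn-suspicious": {"Content-Type": "image/png",
                       "Link": '<https://third-party.example/pixel.gif>; '
                               'rel=preload; as=image; referrerpolicy="unsafe-url", '
                               '</a.js>; rel=preload; as=script'},
}


def audit(responses: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each response name to its flagged targets, omitting clean ones."""
    result = {}
    for name, headers in responses.items():
        hits = find_unsafe_referrer_preloads(headers)
        if hits:
            result[name] = hits
    return result
```

Run the audit over proxy or CDN response logs to spot third-party resources that set this policy; the durable fix remains keeping secrets such as OAuth codes and session tokens out of query strings.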
It is not clear whether the vulnerability has been exploited maliciously beyond this proof-of-concept (PoC) demonstration. CVE-2025-4664 is the second Chrome vulnerability, after CVE-2025-2783, to be flagged as under “active exploitation” in the wild.
To protect against potential threats, it is recommended to update your Chrome browser to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. Users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to install the patches as they become available.
Update
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added CVE-2025-4664 to its Known Exploited Vulnerabilities (KEV) catalog, which requires federal agencies to apply the fixes by June 5, 2025.