AI description
CVE-2025-4664 is a vulnerability affecting Google Chrome's Loader component. The vulnerability stems from insufficient policy enforcement, which allows a remote attacker to potentially leak cross-origin data by using a crafted HTML page. The vulnerability was discovered by security researcher Vsevolod Kokorin (@slonser_) and reported on May 5, 2025. Google has released updates to address this issue in Chrome versions 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. It is recommended that users update their Chrome browsers to these versions to mitigate the risk.
- Description: Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- Source: chrome-cve-admin@google.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 4.3
- Impact score: 1.4
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- Severity: MEDIUM
Data from CISA
- Vulnerability name: Google Chromium Loader Insufficient Policy Enforcement Vulnerability
- Exploit added on: May 15, 2025
- Exploit action due: Jun 5, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 34
🍪 Global Admin Entra Cookie + Chrome Zero-Day 💀 Chrome CVE-2025-4664 lets attackers steal sensitive tokens just by visiting a malicious site. Check for Global Admin Entra cookies at risk with this KQL! 💥 https://t.co/lhEpsYVLf3 https://t.co/exSoYMFdAy
@0x534c
4169 Impressions
15 Retweets
99 Likes
90 Bookmarks
0 Replies
0 Quotes
🔒 Critical Chrome Zero-Day (CVE-2025-4664): Update Now or Risk Credential Leakage Google has pushed an emergency update for Chrome addressing a high-severity vulnerability (CVE-2025-4664), already exploited in the wild. Need help? Contact us - https://t.co/aq8HgdA8Xh https:/
@SecurityJoes
135 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Our next track is dedicated to CVE-2025-4664, the DPRK, Evilginx, and our very own Chaos Kitten Yuki's birthday
@uwu_underground
2362 Impressions
5 Retweets
60 Likes
0 Bookmarks
6 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4664
@transilienceai
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4664 #Google #Chromium Loader Insufficient Policy Enforcement Vulnerability https://t.co/DjyZaYsSqF
@ScyScan
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Google has issued an emergency Chrome update (version 136.0.7103.113/.114) to fix a critical vulnerability (CVE-2025-4664) allowing attackers to steal sensitive data. -Patch now- https://t.co/Dz0012vjRj
@H4ckManac
12076 Impressions
77 Retweets
146 Likes
21 Bookmarks
1 Reply
2 Quotes
Critical Chrome vulnerability "CVE-2025-4664" designated a "known exploited vulnerability" by CISA - all users urged to patch promptly https://t.co/ZRhx4m4hOJ
@AnxieLamb
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Chrome vulnerability "CVE-2025-4664" designated a "known exploited vulnerability" by CISA - all users urged to patch promptly #セキュリティ対策Lab #セキュリティ #Security https://t.co/JtJsvh3Pzr
@securityLab_jp
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA: Recently fixed Chrome vulnerability is being exploited (CVE-2025-4664) CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) #HelpNetSecurity (May 16) https://t.co/qQJYvGZbuO
@foxbook
253 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Urgent Chrome security update needed! A critical flaw (CVE-2025-4664) is being exploited to steal data. Google released a fix; you MUST update & *relaunch* Chrome now. Applies to Edge too. US feds must update by June 5. https://t.co/QqbDACwLxI
@Jfreeg_
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
On the 3rd hand, Google has released an urgent update for its Chrome browser aimed at fixing a critical vulnerability that could allow attackers to steal sensitive user data and potentially lead to complete account takeover. The vulnerability has been identified as CVE-2025-4664.
@ITBel
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome vulnerability CVE-2025-4664 confirmed exploited, with risk of account information leakage - innovaTopia https://t.co/2WmnrpjbAM #izumino_trend
@sec_trend
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4664
@transilienceai
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Chrome security alert A new zero-day vulnerability (CVE-2025-4664), already actively exploited, has been discovered. 📌 A single HTML page is enough to steal your data! 🎥 Watch the video to understand what is happening and how to protect yourself 👉 https://t.co/rEe8PLi3l2
@Enricocst
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Google patches 4 Chrome security flaws, one actively exploited (CVE-2025-4664). #CyberSecurity #Chrome https://t.co/ZdRMiufDjV https://t.co/SMoWOAsnkZ
@CyberHub_blog
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-45332 2 - CVE-2025-4427 3 - CVE-2025-47889 4 - CVE-2025-4664 5 - CVE-2023-41992 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
147 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️Protecting Critical Identities Amid Chrome Zero-Day CVE-2025-4664 https://t.co/qz1nWJZmh0 Identify Critical Identities with CVE-2025-4664: https://t.co/1gFZwy8L1a https://t.co/TAxQFGDEIy
@0x534c
1354 Impressions
7 Retweets
23 Likes
13 Bookmarks
0 Replies
0 Quotes
CISA warned U.S. agencies to secure systems against a Chrome vulnerability (CVE-2025-4664) discovered by Vsevolod Kokorin. Exploitation could leak sensitive data via malicious HTML pages. Security updates released. #Security https://t.co/slh7vk3B2g
@Strivehawk
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on actively exploited Google Chromium vulnerability CVE-2025-4664. Update your browsers now to versions 136.0.7103.113/.114. #CyberSecurity #ChromeUpdate #CISAAlert https://t.co/NaAajbw1CC
@dailytechonx
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on actively exploited Google Chromium vulnerability CVE-2025-4664. Update your browsers now to versions 136.0.7103.113/.114. #CyberSecurity #ChromeUpdate #CISAAlert https://t.co/NaAajbvtN4
@dailytechonx
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Alert: Active Exploitation of Chrome Zero-Day CVE-2025-4664! 🚨 Attackers are leveraging CVE-2025-4664 to extract cross-origin data using crafted HTML pages. While Google has rolled out a patch, exploitation persists. https://t.co/qz1nWJYOrs KQL: https://t.co/p1eapa
@0x534c
670 Impressions
5 Retweets
17 Likes
10 Bookmarks
0 Replies
0 Quotes
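Report that a critical security vulnerability in Google Chrome is being exploited in the wild. Vulnerability ID: CVE-2025-4664 Attackers can steal sensitive data such as account credentials via crafted HTML + image traps. (Specifying a URL and query parameter cap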
@OxBw27B18Xt0Ilz
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA: Recently fixed #Chrome #vulnerability exploited in the wild (#CVE-2025-4664) https://t.co/d2qQuGsx4N
@ScyScan
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts US federal agencies to patch a critical Chrome vulnerability (CVE-2025-4664) actively exploited in the wild, risking data leaks & account takeovers. Stay alert! 🔐 #CyberThreat #US #Chrome https://t.co/9AZDPavveO
@TweetThreatNews
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Update Chrome, Edge and other Chromium-based browsers. This fixes the 0-day CVE-2025-4664 https://t.co/qg3313YfOq
@KamilZm
469 Impressions
1 Retweet
16 Likes
0 Bookmarks
1 Reply
0 Quotes
Google Chrome's May update (versions 136.0.7103.113/.114) patches critical vulnerabilities, including actively exploited CVE-2025-4664 and the year's first zero-day CVE-2025-2783. Enjoy improved performance and new features! 🚀 #BrowserUpdate #SecurityAl… https://t.co/l2Rux7U
@TweetThreatNews
85 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
The CVE-2025-4664 article was interesting
@ishiyuriniwa
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Edge 136.0.3240.76 fixes 2 security vulnerabilities incl. CVE-2025-4664 Yesterday evening Microsoft released another update for Microsoft Edge in the Stable channel. D... https://t.co/SRChzWdT1x
@deskmodder
91 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
New Chrome vulnerability enables cross-origin data leak via the Loader's referrer policy (CVE-2025-4664) https://t.co/ip8JVBGdbm #Security #セキュリティ #ニュース
@SecureShield_
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google releases an urgent security update for the #Chrome browser to close a serious vulnerability (CVE-2025-4664) that could enable hackers to steal your accounts! The update is available now - just restart the browser imm
@mjbtechtips
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
If you're using an outdated version of Chrome, you're at risk—CVE-2025-4664 is already under active exploitation. More below: https://t.co/HrxCsuF49k
@NetizenCorp
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Re: CVE-2025-4664 (cross origin leak)— not to discredit the finding, but if it’s a real vuln, why does the HTML spec say it works as intended? It states referrer policy attributes override the HTTP header. https://t.co/cIZcANVfNg
@hugopicanzo
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has released emergency security updates to fix a high-severity vulnerability in Chrome (CVE-2025-4664) that can lead to full account takeover. Public exploits already exist. https://t.co/357A7GZYEd
@cert_ist
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A security vulnerability has been discovered in the #Chrome browser (CVE-2025-4664) that allows attackers to steal sensitive data via malicious HTML pages. The vulnerability is currently being exploited worldwide. It is recommended to update the brows
@MAlajab
451 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔄 Updating Chrome out of schedule Google has released an emergency security update for Chrome that fixes the vulnerability CVE-2025-4664: https://t.co/CguuHCUpiK Through this hol
@Kaspersky_ru
179 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
💠High-severity Chrome vuln (CVE-2025-4664) exploited in the wild! Google issues emergency patch—update now: 🔰Win/Linux: 136.0.7103.113 🔰macOS: 136.0.7103.114 💠Flaw leaks cross-origin data via malicious HTML—risking OAuth tokens & account takeover. ♻️St
@Samuel257196756
333 Impressions
4 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
A high-severity Chrome vulnerability CVE-2025-4664 lets attackers bypass cross-origin restrictions and exfiltrate sensitive data using a malicious HTML page. Update to 136.0.7103.113 or later to mitigate. #ChromeSecurity #BrowserVulnerability #RemoteAttack #ActiveExploit https://
@CloneSystemsInc
51 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome Bug Let Hackers Leak Cross-Site Data Google patched CVE-2025-4664, a high-severity flaw letting attackers steal sensitive info via crafted pages. Update Chrome now. https://t.co/Fos1LtsH3y #Chrome #ZeroDay #CyberSecurity #Privacy https://t.co/aYzQY0gvgs
@dCypherIO
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Chrome 136 patches four security flaws, including one actively exploited in the wild (CVE-2025-4664). The critical bug involved cross-origin data leaks via the Loader. Update now if using Windows, macOS, or Linux! 🔒🛡️ #CyberNews #BrowserSecurity https://t.co/VxfWQp
@TweetThreatNews
112 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A new Chrome vulnerability (CVE-2025-4664) enables cross-origin data leaks via the Loader component, with active exploits in the wild. Keep browsers updated to stay protected. 🚨 #BrowserSecurity #DataLeak #UK https://t.co/GxbKw4GtZ9
@TweetThreatNews
59 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google has issued urgent updates for Chrome to fix CVE-2025-4664, a severe flaw allowing data leaks and account takeover via malicious HTML. The vulnerability is actively exploited worldwide. Stay protected! ⚠️ #ChromeFix #DataLeak #UK https://t.co/Y1LkkaYz2I
@TweetThreatNews
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome in danger: update urgently in response to the Zero-Day flaw CVE-2025-4664 https://t.co/3cLYorR4ZH
@AndroidMT
127 Impressions
3 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Chrome’s latest flaw (CVE-2025-4664) could let hackers swipe your sensitive data via crafty HTML tricks. Are you updated enough to stay safe? https://t.co/q1NqGSy2nc
@DefendOpsHQ
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Warning: A new high-severity Google Chrome flaw is being actively exploited in the wild. CVE-2025-4664 allows attackers to steal sensitive data like account credentials via crafted HTML + image traps. It affects Chrome < 136.0.7103.113 — and like... https://t.co/cFFRH
@IT_news_for_all
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Warning: A new high-severity Google Chrome flaw is being actively exploited in the wild. CVE-2025-4664 allows attackers to steal sensitive data like account credentials via crafted HTML + image traps. It affects Chrome < 136.0.7103.113 — and likely other Chromium-base
@TheHackersNews
74228 Impressions
109 Retweets
231 Likes
62 Bookmarks
4 Replies
7 Quotes
🚨 CVE Alert: Google Chrome Insufficient Policy Enforcement Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-4664 (High) Google Chrome Insufficient Policy Enforcement Vulnerability Impact: A successful exploit may allow a remote attacker to leak https:
@CyberxtronTech
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Google Chrome Insufficient Policy Enforcement Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-4664 (High) Google Chrome Insufficient Policy Enforcement Vulnerability Impact: A successful exploit may allow a remote attacker to leak https:
@CyberxtronTech
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT Chrome Update: High-Risk CVE-2025-4664 Flaw Actively Exploited In The Wild #Google #Chrome 136.0.7103.113/.114 patches 4 security bugs including CVE-2025-4664, a zero-day exploit found in the wild. Users urged to update immediately. https://t.co/Co74AjlZpb
@the_yellow_fall
118 Impressions
0 Retweets
1 Like
2 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A0348CA-E6CE-457D-8AAC-1E97E6E793A4",
            "versionEndExcluding": "136.0.7103.113"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]