AI description
CVE-2025-4664 is a vulnerability affecting Google Chrome's Loader component. The vulnerability stems from insufficient policy enforcement, which allows a remote attacker to potentially leak cross-origin data by using a crafted HTML page. The vulnerability was discovered by security researcher Vsevolod Kokorin (@slonser_) and reported on May 5, 2025. Google has released updates to address this issue in Chrome versions 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. It is recommended that users update their Chrome browsers to these versions to mitigate the risk.
- Description
- Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Analyzed
- Products
- chrome
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
🚨 CISA warns: Chrome 0-day (CVE-2025-4664) is under active attack. • Exploited via crafted HTML pages • Emergency patches now available ⚡Update fast & stay protected with https://t.co/rBZpvH2BsW - easy, affordable, powerful. 🔗https://t.co/GzIwB9YbIA https://t.co/w
@CyberSuite_com
24 Sept 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
No carrossel de updates também teve Chrome e Firefox fechando zero-days (CVE-2025-5419 e CVE-2025-4664)
@hashtagsec
7 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Urgent: Microsoft patches 66 flaws! CVE-2025-33053 (WebDAV) is exploited—clicking malicious links can hack your PC. 1️⃣Update Windows NOW to stay safe! Also, 2️⃣Update Edge/Chrome for CVE-2025-4664, CVE-2025-5419 fixes. #PatchTuesday #Cybersecurity https://t.c
@CyberWolfGuard
21 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Des milliards d'utilisateurs de Chrome 🌐 sont exposés à une faille critique (CVE-2025-4664) qui permet de voler vos données sensibles 💥🔓 Comment se protéger ? L'article en 1er commentaire 👉 https://t.co/RIs3eMIQGT
@radiosiskofm
5 Jun 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
ثغرة خطيرة في متصفح كروم تهدد مليارات المستخدمين! 😱 جوجل أصدرت تحديثًا عاجلًا (CVE-2025-4664) لحماية بياناتك. حدّث المتصفح فورًا! 🔒 https://t.co/1unN2HqKzw https://t.co/oevlG8R6rB
@Arageek
5 Jun 2025
302 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4664
@transilienceai
3 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google lanzó un parche de emergencia para corregir la vulnerabilidad CVE-2025-4664 en Chrome, que ya está siendo explotada activamente. #GoogleChrome #Ciberseguridad #Vulnerabilidad #ActualizaciónUrgente #TechNews #20xx https://t.co/FTS1LRLW7k
@20XXnoticias
30 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-4664
@transilienceai
30 May 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google Chrome Zero-Day Vulnerability (CVE-2025-4664) Actively Exploited in The Wild https://t.co/UHQTzJcWbh
@Jeyso215
28 May 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4664
@transilienceai
27 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Chrome bajo ataque: vulnerabilidad crítica CVE-2025-4664 https://t.co/BhTbk9UYvE #Internet #Noticia #Tecnología #Ciberseguridad vía @unaaldia https://t.co/ClyHn1BwG5
@Securizame
26 May 2025
187 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Chrome Flaw CVE-2025-4664 May Enable Account Takeover https://t.co/5rujKmL82x
@cyber_advising
25 May 2025
1639 Impressions
2 Retweets
15 Likes
6 Bookmarks
0 Replies
0 Quotes
Chrome bajo ataque: vulnerabilidad crítica CVE-2025-4664 https://t.co/4vrCBUsYug
@unaaldia
25 May 2025
801 Impressions
4 Retweets
9 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4664
@transilienceai
25 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📌 Zero-day vulnerability CVE-2025-4664 in Chrome exposes login tokens on Windows and Linux. Google releases patch. #CyberSecurity #Chrome https://t.co/VwHVJVoA2Q https://t.co/TFdWuVvFxU
@CyberHub_blog
24 May 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A zero-day flaw CVE-2025-4664 impacts Chrome on Windows and Chromium on Linux, allowing malicious sites to leak sensitive cross-origin data via HTTP Link headers. Wazuh’s tools can help detect affected endpoints 🔒. #CVE2025 #Security #UK https://t.co/0VYWqpfcg1
@TweetThreatNews
24 May 2025
108 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4664
@transilienceai
23 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Originally from: Wazuh: Detecting Chrome CVE-2025-4664 vulnerability with Wazuh https://t.co/b2q3imunS9 ( :-{ı▓ #wazuh #siem #cyberresearch https://t.co/Q0NBUXbvPj
@Cyb3rR3s34rch
23 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CVE-2025-4664 de #Chrome: El cargador de Google Chrome anterior a la versión 136.0.7103.113 permitió que un atacante remoto filtrara datos de origen cruzado mediante una página HTML manipulada. (Severidad de seguridad de Chromium: Alta) https://t.co/skwiinWjpK
@Race_Banon
21 May 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google released an emergency update for the Chrome browser to patch a critical vulnerability, CVE-2025-4664 which is an insufficient policy enforcement in the Chrome Loader component. The vulnerability is caused by the security policies not being applied properly to Link headers.
@BlackpointUS
21 May 2025
98 Impressions
2 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4664 is a zero-day vulnerability recently discovered to affect Google Chrome and Chromium web browsers on Windows and Linux endpoints, respectively. Read on: https://t.co/2ALJMMDOMw #InformationSecurity #CyberSecurity #OpenSource
@wazuh
21 May 2025
1220 Impressions
13 Retweets
36 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨 #Chrome Zero-Day Alert: Global Admin Entra Cookie at Risk (#CVE-2025-4664) https://t.co/jK8eRzVLLq Educational Purposes!
@UndercodeUpdate
21 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4664
@transilienceai
21 May 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🍪 Global Admin Entra Cookie + Chrome Zero-Day 💀 Chrome CVE-2025-4664 lets attackers steal sensitive tokens just by visiting a malicious site. Check for Global Admin Entra cookies at risk with this KQL! 💥 https://t.co/lhEpsYVLf3 https://t.co/exSoYMFdAy
@0x534c
20 May 2025
9805 Impressions
32 Retweets
165 Likes
157 Bookmarks
0 Replies
0 Quotes
🔒 Critical Chrome Zero-Day (CVE-2025-4664): Update Now or Risk Credential Leakage Google has pushed an emergency update for Chrome addressing a high-severity vulnerability (CVE-2025-4664), already exploited in the wild. Need help? Contact us - https://t.co/aq8HgdA8Xh https:/
@SecurityJoes
20 May 2025
145 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Our next track is dedicated to CVE-2025-4664, the DPRK, Evilginx, and our very own Chaos Kitten Yuki's birthday
@uwu_underground
20 May 2025
2516 Impressions
5 Retweets
62 Likes
3 Bookmarks
6 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4664
@transilienceai
20 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-4664 #Google #Chromium Loader Insufficient Policy Enforcement Vulnerability https://t.co/DjyZaYsSqF
@ScyScan
19 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Google has issued an emergency Chrome update (version 136.0.7103.113/.114) to fix a critical vulnerability (CVE-2025-4664) allowing attackers to steal sensitive data. -Patch now- https://t.co/Dz0012vjRj
@H4ckmanac
19 May 2025
12076 Impressions
77 Retweets
146 Likes
21 Bookmarks
1 Reply
2 Quotes
Chromeの重大な脆弱性「CVE-2025-4664」、CISAが“既知の悪用対象脆弱性”に指定- 全ユーザーに早急なパッチ適用を推奨 https://t.co/ZRhx4m4hOJ
@AnxieLamb
19 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chromeの重大な脆弱性「CVE-2025-4664」、CISAが“既知の悪用対象脆弱性”に指定- 全ユーザーに早急なパッチ適用を推奨 #セキュリティ対策Lab #セキュリティ #Security https://t.co/JtJsvh3Pzr
@securityLab_jp
19 May 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA: 最近修正された Chrome の脆弱性が悪用される (CVE-2025-4664) CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) #HelpNetSecurity (May 16) https://t.co/qQJYvGZbuO
@foxbook
19 May 2025
253 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Urgent Chrome security update needed! A critical flaw (CVE-2025-4664) is being exploited to steal data. Google released a fix; you MUST update & *relaunch* Chrome now. Applies to Edge too. US feds must update by June 5. https://t.co/QqbDACwLxI
@Jfreeg_
18 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
On the 3rd hand, Google has released an urgent update for its Chrome browser aimed at fixing a critical vulnerability that could allow attackers to steal sensitive user data and potentially lead to complete account takeover. The vulnerability has been identified as CVE-2025-4664.
@ITBel
18 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Chrome脆弱性CVE-2025-4664が悪用確認、アカウント情報漏洩のリスクも - innovaTopia https://t.co/2WmnrpjbAM #izumino_trend
@sec_trend
18 May 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4664
@transilienceai
17 May 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Allarme sicurezza su Chrome Scoperta una nuova vulnerabilità zero-day (CVE-2025-4664) già attivamente sfruttata. 📌 Basta una pagina HTML per rubare i tuoi dati! 🎥 Guarda il video per capire cosa succede e come proteggerti 👉 https://t.co/rEe8PLi3l2
@Enricocst
17 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Google patches 4 Chrome security flaws, one actively exploited (CVE-2025-4664). #CyberSecurity #Chrome https://t.co/ZdRMiufDjV https://t.co/SMoWOAsnkZ
@CyberHub_blog
17 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-45332 2 - CVE-2025-4427 3 - CVE-2025-47889 4 - CVE-2025-4664 5 - CVE-2023-41992 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 May 2025
147 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️Protecting Critical Identities Amid Chrome Zero-Day CVE-2025-4664 https://t.co/qz1nWJZmh0 Identify Critical Identities with CVE-2025-4664: https://t.co/1gFZwy8L1a https://t.co/TAxQFGDEIy
@0x534c
17 May 2025
1354 Impressions
7 Retweets
23 Likes
13 Bookmarks
0 Replies
0 Quotes
CISA warned U.S. agencies to secure systems against a Chrome vulnerability (CVE-2025-4664) discovered by Vsevolod Kokorin. Exploitation could leak sensitive data via malicious HTML pages. Security updates released. #Security https://t.co/slh7vk3B2g
@Strivehawk
17 May 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on actively exploited Google Chromium vulnerability CVE-2025-4664. Update your browsers now to versions 136.0.7103.113/.114. #CyberSecurity #ChromeUpdate #CISAAlert https://t.co/NaAajbw1CC
@dailytechonx
16 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on actively exploited Google Chromium vulnerability CVE-2025-4664. Update your browsers now to versions 136.0.7103.113/.114. #CyberSecurity #ChromeUpdate #CISAAlert https://t.co/NaAajbvtN4
@dailytechonx
16 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Alert: Active Exploitation of Chrome Zero-Day CVE-2025-4664! 🚨 Attackers are leveraging CVE-2025-4664 to extract cross-origin data using crafted HTML pages. While Google has rolled out a patch, exploitation persists. https://t.co/qz1nWJYOrs KQL: https://t.co/p1eapa
@0x534c
16 May 2025
670 Impressions
5 Retweets
17 Likes
10 Bookmarks
0 Replies
0 Quotes
구글 크롬의 치명적 보안취약점이 실제로 악용되고 있다는 보고. 취약점 번호 : CVE-2025-4664 공격자가 조작된 HTML + 이미지 트랩을 통해 계정 자격 증명 같은 민감한 데이터 탈취 가능. (URL 지정 및 쿼리 매개변수 캡
@OxBw27B18Xt0Ilz
16 May 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA: Recently fixed #Chrome #vulnerability exploited in the wild (#CVE-2025-4664) https://t.co/d2qQuGsx4N
@ScyScan
16 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts US federal agencies to patch a critical Chrome vulnerability (CVE-2025-4664) actively exploited in the wild, risking data leaks & account takeovers. Stay alert! 🔐 #CyberThreat #US #Chrome https://t.co/9AZDPavveO
@TweetThreatNews
16 May 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Aktualizujte si Chrome, Edge a ostatní prohlížeče založené na Chromiu. Řeší 0-day CVE-2025-4664 https://t.co/qg3313YfOq
@KamilZm
16 May 2025
469 Impressions
1 Retweet
16 Likes
0 Bookmarks
1 Reply
0 Quotes
Google Chrome's May update (versions 136.0.7103.113/.114) patches critical vulnerabilities, including actively exploited CVE-2025-4664 and the year's first zero-day CVE-2025-2783. Enjoy improved performance and new features! 🚀 #BrowserUpdate #SecurityAl… https://t.co/l2Rux7U
@TweetThreatNews
16 May 2025
85 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4664の記事面白かった
@ishiyuriniwa
16 May 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A0348CA-E6CE-457D-8AAC-1E97E6E793A4",
"versionEndExcluding": "136.0.7103.113"
}
],
"operator": "OR"
}
]
}
]