Home > Security > Security News

Google Issues Emergency Chrome Update to Patch an Actively Exploited Vulnerability

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer
Google Chrome

Google has released an emergency update for its Chrome browser to patch a critical vulnerability identified as CVE-2025-4664, which is presently being exploited by malicious actors. 

Highlighting the seriousness of this exploit, the Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. 

This flaw is located within the Chrome Loader component, a critical part of the browser responsible for handling resource requests whenever a website is accessed. 

Google Chrome last version
Google Chrome last version | Source: Chrome screenshot

The uncovered vulnerability is particularly dangerous as it allows attackers to circumvent the same-origin policy by incorrectly applying security policies to Link headers. 

This misconfiguration grants malicious actors the ability to set a referrer-policy in the Link header, resulting in Chrome inadvertently transmitting full URLs containing sensitive query parameters, such as OAuth tokens and session identifiers, to malevolent websites. 

This breach of privacy could lead to attackers gaining access to sensitive information, initiating potential account takeovers or unauthorized access to various online services.

To safeguard against this risk, it is recommended for users to promptly update their Google Chrome browsers to versions 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. 

While Chrome typically updates automatically, users who leave their browsers open for long durations or those experiencing extension-related issues should consider manually updating by navigating to Settings > About Chrome

This process will enable the download of available updates, following which the browser will prompt a restart to finalize the installation.

Add a Comment
Related
Italian Watchdog Fines ‘Replika’ AI Chatbot Developer Over Data Processing Protocol Concerns
volkswagen
Volkswagen’s Connected Car App Flaws Allow Brute Force Attacks, Expose Owner PII
ELPACO-Team Ransomware Targets Confluence Servers Through Flaw CVE-2023-22527
Marks & Spencer Cyberattack
Marks & Spencer Breach Exposes Customer Data Due to Third Party, DragonForce Claims Attack
Hacker Explores Kitsap Mental Health Services Systems and then Steals Data Next Month
14 Months in Prison for Securities and Exchange Commission Account Takeover and Identity Theft
Most Popular
The Handmaid's Tale
The Handmaid’s Tale Season 6 Episode 9 Ending Explained: Nick, Lawrence, and June’s Fates
Italian Watchdog Fines ‘Replika’ AI Chatbot Developer Over Data Processing Protocol Concerns
Bring Her Back movie
Bring Her Back: All About the Horror film Dealing with a Mother’s “Unending Cycle of Grief”
Taylor Swift and Elisabeth Moss
The Handmaid’s Tale Season 6: Taylor Swift Premieres Re-Recorded song Ahead of Reputation
The Wonderfully Weird World of Gumball
All About The Wonderfully Weird World of Gumball: Beloved Series Returns in a new Blended Animation Style
Materialists
Materialists: All About the Dating Market film Starring Dakota Johnson, Pedro Pascal, and Chris Evans
The Handmaid’s Tale Season 6 Episode 9 Ending Explained: Nick, Lawrence, and June’s Fates
Italian Watchdog Fines ‘Replika’ AI Chatbot Developer Over Data Processing Protocol Concerns
Bring Her Back: All About the Horror film Dealing with a Mother’s “Unending Cycle of Grief”
The Handmaid’s Tale Season 6: Taylor Swift Premieres Re-Recorded song Ahead of Reputation
All About The Wonderfully Weird World of Gumball: Beloved Series Returns in a new Blended Animation Style
Materialists: All About the Dating Market film Starring Dakota Johnson, Pedro Pascal, and Chris Evans

Most Popular
The Handmaid's Tale
The Handmaid’s Tale Season 6 Episode 9 Ending Explained: Nick, Lawrence, and June’s Fates
Italian Watchdog Fines ‘Replika’ AI Chatbot Developer Over Data Processing Protocol Concerns
Bring Her Back movie
Bring Her Back: All About the Horror film Dealing with a Mother’s “Unending Cycle of Grief”
Taylor Swift and Elisabeth Moss
The Handmaid’s Tale Season 6: Taylor Swift Premieres Re-Recorded song Ahead of Reputation
The Wonderfully Weird World of Gumball
All About The Wonderfully Weird World of Gumball: Beloved Series Returns in a new Blended Animation Style
Materialists
Materialists: All About the Dating Market film Starring Dakota Johnson, Pedro Pascal, and Chris Evans
The Handmaid’s Tale Season 6 Episode 9 Ending Explained: Nick, Lawrence, and June’s Fates
Italian Watchdog Fines ‘Replika’ AI Chatbot Developer Over Data Processing Protocol Concerns
Bring Her Back: All About the Horror film Dealing with a Mother’s “Unending Cycle of Grief”
The Handmaid’s Tale Season 6: Taylor Swift Premieres Re-Recorded song Ahead of Reputation
All About The Wonderfully Weird World of Gumball: Beloved Series Returns in a new Blended Animation Style
Materialists: All About the Dating Market film Starring Dakota Johnson, Pedro Pascal, and Chris Evans

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: