As Google Chrome users were still reeling from a previous zero-day vulnerability found earlier this year, security researchers have identified another critical flaw in the browser’s Loader component, tracked as CVE-2025-4664, which attackers are actively exploiting in the wild.
The high-severity vulnerability, initially uncovered by researcher Micky on April 22, 2025, and later publicly disclosed by security researcher ‘@slonser_’ on May 5, 2025, allows attackers to perform cross-origin data leakage through crafted HTML pages. Four Chrome vulnerabilities were addressed in this latest security update.
The technical mechanism behind the exploit involves Chrome’s unique handling of Link headers in subresource requests, where insufficient policy enforcement allows attackers to manipulate referrer policies. Researchers have observed attackers increasingly using PowerShell scripts to bypass traditional security defenses during these exploits.
Unlike other browsers, Chrome resolves these Link headers on subresource requests, potentially exposing sensitive data embedded in URLs to unauthorized parties. This vulnerability can lead to the interception of critical information such as OAuth tokens, potentially resulting in full account takeovers.
Google has responded to the threat by releasing emergency security patches in Chrome version 136.0.7103.113 for Windows and Linux users, and version 136.0.7103.114 for macOS users. The vulnerability marks the second actively exploited Chrome zero-day patched by Google in 2025, following the earlier CVE-2025-2783 incident, which was likewise used in espionage campaigns.
The Cybersecurity and Infrastructure Security Agency (CISA) officially tagged the bug as an actively exploited zero-day on May 16, 2025, emphasizing the critical nature of the threat.
Security experts warn that successful exploitation could lead to serious consequences, including privilege escalation and memory corruption. With no temporary workarounds available, users are strongly urged to update their Chrome browsers immediately to the latest version, either through automatic updates upon browser launch or manual updates through the Chrome settings menu.
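Since updating is the only remediation, a fleet check against the fixed builds named above is the practical follow-up. The sketch below is an added example, not code from Google or from the researchers. The inventory records, hostnames and platform labels are constructed, and it assumes any build at or above the fixed one carries the patch.

```python
# Fixed builds as stated in the article; everything else here is illustrative.
FIXED = {
    "windows": (136, 0, 7103, 113),
    "linux": (136, 0, 7103, 113),
    "macos": (136, 0, 7103, 114),
}

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome build number."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # never assume safe when data is missing or malformed
    # Tuple comparison is numeric per field; comparing strings would rank ".92" above ".113".
    return "patched" if parsed >= fixed else "vulnerable"

def audit(records):
    """Group hostnames by status so unpatched and unverifiable hosts can be followed up."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version in records:
        report[classify(platform, version)].append(host)
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "Windows", "136.0.7103.113"),
    ("ws-002", "Windows", "136.0.7103.92"),
    ("mac-014", "macOS", "136.0.7103.113"),   # one build short of the macOS fix
    ("mac-015", "macOS", "136.0.7103.114"),
    ("lx-203", "Linux", "137.0.7151.40"),
    ("kiosk-7", "ChromeOS", "136.0.7103.113"),  # platform not covered by the article
    ("ws-009", "Windows", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need manual verification rather than being counted as safe.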
The revelation of this vulnerability highlights the ongoing challenges in maintaining browser security, particularly in handling cross-origin resource interactions. The incident serves as a reminder of the critical importance of prompt security updates in protecting against sophisticated cyber threats.