
Critical Chrome Vulnerability: Update Now to Avoid Account Takeover
A critical vulnerability in Google Chrome, CVE-2025-4664, is being actively exploited in the wild, posing a significant risk to users. Cybersecurity experts are urging immediate action to update Chrome to the latest version to prevent potential account takeovers and data leaks.
The vulnerability, discovered by Solidlab security researcher Vsevolod Kokorin, stems from insufficient policy enforcement in Chrome's Loader component. According to Kokorin, this flaw allows attackers to potentially capture sensitive data embedded within query parameters of URLs. "Query parameters can contain sensitive data - for example, in OAuth flows, this might lead to an Account Takeover," Kokorin noted. This creates a pathway for attackers to steal login credentials and bypass multi-factor authentication.

Google released security updates on Wednesday, May 14, 2025, to address the issue. However, the company also issued a warning that an exploit for this vulnerability already exists in the wild, indicating that attackers are actively attempting to leverage it. Forbes reported that applying the fix is imperative and that it should be installed immediately.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-4664 to its Known Exploited Vulnerabilities catalog, mandating that all U.S. federal agencies patch their Chrome installations by June 5, 2025. This directive, while specifically for federal agencies, serves as a strong recommendation for all Chrome users to prioritize this update.
CISA warns, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise." This is the second actively exploited Chrome zero-day patched by Google this year, highlighting the ongoing need for vigilance regarding browser security.

The specific versions to update to are 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, should also apply the fixes as soon as they become available.
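For teams that need to confirm the rollout across a fleet, the following is an added example (not code from the article or from Google) that compares reported Chrome build strings against the fixed builds listed above; note that a plain string comparison would wrongly rank 136.0.7103.92 above 136.0.7103.113, so the components are compared as integers. The host names and versions in the sample inventory are constructed.

```python
# Fleet check for CVE-2025-4664: is the installed Chrome build at or above the fixed build?
# Fixed builds per platform as stated in the advisory text (Windows/Mac also ship .114).
FIXED_VERSIONS = {
    "windows": "136.0.7103.113",
    "mac": "136.0.7103.113",
    "linux": "136.0.7103.113",
}


def parse_version(version: str) -> tuple:
    """Turn '136.0.7103.113' into (136, 0, 7103, 113); reject anything malformed."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, platform: str) -> bool:
    """True when the installed build is >= the minimum fixed build for that platform."""
    minimum = FIXED_VERSIONS[platform.lower()]
    return parse_version(installed) >= parse_version(minimum)


def audit(inventory):
    """Return (host, version, reason) for every host that still needs attention.

    inventory: iterable of (host, platform, version) tuples, e.g. from an endpoint agent.
    Hosts with an unknown platform or an unparseable version are flagged rather than skipped,
    so a reporting gap can never masquerade as 'patched'.
    """
    findings = []
    for host, platform, version in inventory:
        try:
            if not is_patched(version, platform):
                findings.append((host, version, "below fixed build"))
        except KeyError:
            findings.append((host, version, f"unknown platform {platform!r}"))
        except ValueError:
            findings.append((host, version, "unparseable version"))
    return findings


# Constructed sample inventory (hypothetical hosts, not real telemetry).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "136.0.7103.114"),   # patched (.114 build)
    ("ws-02", "windows", "136.0.7103.92"),    # older build, vulnerable
    ("mac-07", "mac", "135.0.7049.115"),      # previous major, vulnerable
    ("srv-03", "linux", "136.0.7103.113"),    # exactly the fixed build
    ("kiosk-9", "chromeos", "136.0.7103.113"),  # platform not covered by the advisory text
]

if __name__ == "__main__":
    for host, version, reason in audit(SAMPLE_INVENTORY):
        print(f"{host}: {version} ({reason})")
```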
This vulnerability underscores the importance of keeping your web browser up-to-date. The potential consequences of failing to do so can range from data leakage to complete account compromise. Have you updated your Chrome browser yet? Share your thoughts and experiences in the comments below.