
Urgent: Update Google Chrome Now! Critical Security Flaw Exploited, Data at Risk
Google Chrome users are facing a critical security threat. A newly discovered vulnerability, CVE-2025-4664, is being actively exploited, potentially allowing attackers to steal sensitive data like login credentials and bypass multi-factor authentication. The U.S. government has mandated all federal staff to update their browsers by June 5th, and experts are strongly urging all Chrome users, both personal and enterprise, to do the same immediately.
The Cybersecurity & Infrastructure Security Agency (CISA) has directed federal agencies to either update their Chrome browsers or discontinue use until the update is applied. This highlights the severity of the situation and the potential impact on a large scale.

The vulnerability stems from "insufficient policy enforcement in Loader" within Chrome. Security researcher Vsevolod Kokorin (@slonser_) discovered that attackers can exploit the Link header to set a `referrer-policy` to `unsafe-url`, allowing them to capture full query parameters of a referring URL. These parameters can contain sensitive information, including OAuth codes, potentially leading to account takeover.
As Forbes reported, the flaw allows an attacker to steal the text string from Chrome that includes security session credentials after you’ve logged into a service, and so to replicate the secure session on their own device. Cybersecurity News reported that the vulnerability stems from an incorrect handle provided under unspecified circumstances in Chrome’s Mojo Inter-Process Communication (IPC) layer, potentially leading to unauthorized code execution or sandbox escape, highlighting the urgency for mitigation.
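For defenders, the Link header behaviour described above can be looked for in logged response headers. The following Python code is an added example, not from the original article or from Google: it parses Link headers and flags targets outside the embedding page's origin that request `unsafe-url`. The record layout, the hostnames and the two accepted parameter spellings are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import urljoin, urlsplit

# One link-value: <target> followed by ;name=value parameters (RFC 8288 shape).
LINK_VALUE = re.compile(r'<([^>]*)>((?:\s*;\s*[^\s;,=]+(?:\s*=\s*(?:"[^"]*"|[^\s;,]*))?)*)')
PARAM = re.compile(r';\s*([^\s;,=]+)(?:\s*=\s*(?:"([^"]*)"|([^\s;,]*)))?')
# Assumption: accept both spellings of the policy parameter name.
POLICY_PARAMS = ("referrerpolicy", "referrer-policy")

def origin(url):
    parts = urlsplit(url)
    return (parts.scheme.lower(), (parts.hostname or "").lower(), parts.port)

def parse_link_header(value):
    """Return [(target, {param: value})] for each link-value in the header."""
    links = []
    for target, raw_params in LINK_VALUE.findall(value):
        params = {}
        for name, quoted, bare in PARAM.findall(raw_params):
            params.setdefault(name.lower(), quoted or bare)
        links.append((target.strip(), params))
    return links

def unsafe_referrer_links(page_url, resource_url, link_header):
    """Link targets off the page's origin that request the full referring URL."""
    hits = []
    for target, params in parse_link_header(link_header):
        policy = next((params[p] for p in POLICY_PARAMS if p in params), "")
        absolute = urljoin(resource_url, target)  # relative targets resolve against the response
        if policy.strip().lower() == "unsafe-url" and origin(absolute) != origin(page_url):
            hits.append(absolute)
    return hits

# Constructed log records: (embedding page, fetched resource, its Link header).
SAMPLE_RECORDS = [
    ("https://app.example.test/cb?code=CONSTRUCTED", "https://img.example.net/a.png",
     '<https://img.example.net/log>; rel="preload"; as="image"; referrerpolicy="unsafe-url"'),
    ("https://app.example.test/home", "https://app.example.test/home",
     '</static/app.css>; rel=preload; as=style, </img/a.png>; rel=preload; referrerpolicy=unsafe-url'),
    ("https://app.example.test/about", "https://fonts.example.org/f.css",
     '<https://fonts.example.org/f.woff2>; rel=preload; as=font; referrerpolicy=no-referrer'),
]

def scan(records):
    return [(p, h) for p, r, hdr in records for h in unsafe_referrer_links(p, r, hdr)]

if __name__ == "__main__":
    for page, hit in scan(SAMPLE_RECORDS):
        print(f"ALERT page={page} link-target={hit} policy=unsafe-url")
```

Only the first constructed record is flagged; the same-origin `unsafe-url` link and the third-party `no-referrer` link are not.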
How to Update:
To protect yourself, ensure your Chrome browser is updated to version 136.0.7103.113/.114. Check for a notification indicating an update has been downloaded and requires a relaunch to install. Do not delay this process, even if you have numerous tabs open. Relaunch your browser immediately to apply the patch.
The same vulnerability affects Microsoft Edge, so Edge users should also ensure they are running the latest version. Other Chromium-based browsers like Brave, Opera, and Vivaldi also require updates.
This incident serves as a stark reminder of the importance of regularly updating software to address security vulnerabilities. The speed at which this exploit is being leveraged highlights the need for proactive measures to safeguard your data and privacy.