Google on Wednesday liberated Updates to resolve four security issues in your Chrome web browser, including one for which it is said, exists in the wild.
Vulnerability at high speed, tracked as Cve-2025-4664 (CVSS assessment: 4.3), characterized as a case of insufficient policy implementation in a component called Loader.
“Insufficient implementation of a policy in Google Chrome forking up to 136.0.7103.113 allowed a remote attacker to leak data of crossed origin through the created HTML page,” A description deficiency.
The technical giant attributed to the VSEVolod Kokorin (@slonser_) security researcher with a detail of the lack of May 5, 2025, adding that there was a “feat for Cve-2025-464” in the wild.
“Unlike other browsers, Chrome decides the title of references to the resource,” Kokorin – Note In a series of posts on X previously this month. “The problem is that the link title can set the abstract.
The researcher continued to add that the request parameters may contain sensitive data that could lead to a complete absorption account and that the request parameter information could be stolen through a third party resource image.
It is unclear whether the vulnerability was used in the malicious context outside this demonstration of the concept (POC). Cve-2025-4664-second vulnerability Cve-2025-2783 To get under “active exploitation” in the wild.
To maintain potential threats, it is recommended to upgrade your Chrome browser to versions 136.7103.113/114 for Windows and Mac, and 136.0.7103.113 for Linux. Microsoft Edge, Brave, Opera and Vivaldi users are also recommended to apply fixes when they become available.
