Security News > 2025 > May > New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
2025-05-15 10:43
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google
News URL
https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html
Related news
- Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Cardiff's children's chief confirms data leak 2 months after cyber risk was 'escalated' (source)
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability (source)
- Royal Mail investigates data leak claims, no impact on operations (source)
- Western Sydney University discloses security breaches, data leak (source)
- Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks (source)
- Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures (source)
- CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-14 | CVE-2025-4664 | Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 0.0 |