CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

A high-severity Chrome vulnerability (CVE-2025-4664) that Google fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog.

About CVE-2025-4664

CVE-2025-4664 stems from insufficient policy enforcement in Google Chrome’s Loader, which attackers can use to make the browser leak cross-origin data that can be used to take over accounts. The vulnerability can be triggered with a maliciously crafted HTML page, on Chrome versions prior …

The post CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) appeared first on Help Net Security.
Related news
- CISA extends funding to ensure 'no lapse in critical CVE services' (source)
- CVE program gets last-minute funding from CISA – and maybe a new home (source)
- CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- CVE fallout: The splintering of the standard vulnerability tracking system has begun (source)
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) (source)
- How to Automate CVE and Vulnerability Advisory Response with Tines (source)
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-05-14 | CVE-2025-4664 | Unspecified vulnerability in Google Chrome: Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |