Ethical Hacking News
Google Chrome has been patched for a high-severity vulnerability (CVE-2025-4664) that could be exploited by attackers to gain full access to user accounts. The update, released in response to reports of an already publicly known exploit, aims to address concerns over browser security.
Google has released an emergency update to patch a high-severity vulnerability in Chrome (CVE-2025-4664).
The vulnerability arises from insufficient policy enforcement in Google Chrome's Loader component.
Actors can potentially exploit this vulnerability to gain unauthorized access to user accounts via maliciously crafted HTML pages.
Users are advised to opt for automatic updates, which are installed automatically after launching the browser.
Google has also recently patched another high-severity zero-day bug (CVE-2025-2783).
In a move to address concerns over user security, Google has recently released an emergency update to patch a high-severity vulnerability in its popular web browser, Chrome. The update comes amid reports that an exploit for the identified vulnerability (CVE-2025-4664) has already been made public, which could potentially allow attackers to gain full access to users' accounts.
The vulnerability was discovered by Solidlab security researcher Vsevolod Kokorin and is characterized as insufficient policy enforcement in Google Chrome's Loader component. According to Kokorin, the issue arises from the browser's behavior on subresource requests, where it resolves the Link header. However, this process can also lead to the exposure of sensitive data via maliciously crafted HTML pages.
In an interview, Kokorin explained that query parameters can contain highly sensitive information, which could potentially be exploited by attackers in order to gain unauthorized access to user accounts. Developers often overlook the possibility of such attacks due to their focus on other security aspects.
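Kokorin's point that query parameters can carry sensitive information suggests a defensive audit: find which of your own application's URLs put secrets in the query string so they can be moved out of it. The following is an added example, not code from the article, the researcher or Google; the parameter-name patterns, the entropy threshold and the sample URLs are assumptions constructed for illustration.

```python
"""Audit request URLs for secrets carried in query parameters (added example)."""
import math
import re
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed naming conventions for sensitive parameters. This is a heuristic and
# will produce false positives (e.g. "postcode"); tune it for your application.
SENSITIVE_NAME = re.compile(
    r"(token|secret|passw|code|session|sid|api[_-]?key|signature|jwt|auth)", re.I)

def shannon_entropy(value):
    """Bits per character; long, high-entropy values are often credentials."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def classify(name, value):
    """Return why a parameter looks sensitive ("name" or "entropy"), else None."""
    if SENSITIVE_NAME.search(name):
        return "name"
    # Assumed thresholds: at least 20 characters and 3.5 bits per character.
    if len(value) >= 20 and shannon_entropy(value) >= 3.5:
        return "entropy"
    return None

def audit_url(url):
    """Return (findings, redacted_url) for one URL, safe to store in reports."""
    parts = urlsplit(url)
    findings, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        reason = classify(name, value)
        if reason:
            findings.append((name, reason))
            value = "REDACTED"  # never copy the secret into the audit output
        kept.append((name, value))
    return findings, urlunsplit(parts._replace(query=urlencode(kept)))

# Constructed sample URLs (not taken from the article or from real traffic).
SAMPLE_URLS = [
    "https://app.example/callback?code=4f9a1c&state=xyz",
    "https://app.example/reset?t=Zx81kQp0LmN4vB7cYt2RaU9eWs&lang=en",
    "https://app.example/search?q=chrome+update&page=2",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        found, safe = audit_url(sample)
        print(safe, found)
```

Run it over the request paths in your access logs or over the links your application generates; each finding is a value that would be exposed if the full URL left your origin.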
The fix for this vulnerability was released in the Stable Desktop channel, with patched versions rolling out globally as part of an ongoing effort to address high-severity bugs in the browser. Users can also opt for automatic updates, which are installed automatically after launching the browser.
This update comes on the heels of another recent patch for a high-severity zero-day bug (CVE-2025-2783) that was used by attackers to deploy malware and target specific organizations worldwide. The newly patched vulnerability highlights ongoing concerns over Chrome's security and the potential risks associated with using publicly known exploits to identify vulnerabilities.
In related news, Kaspersky researchers have expressed concern about the widespread use of zero-day bugs in recent attacks, citing instances where these vulnerabilities were exploited to bypass sandbox protections and infect targets with malware. The company has emphasized the importance of timely updates to prevent such attacks.
This latest update from Google serves as a reminder for users to prioritize their browser security and stay informed about the latest patches and updates.
Related Information:
https://www.ethicalhackingnews.com/articles/Google-Patches-High-Severity-Chrome-Flaw-with-Public-Exploit-ehn.shtml
https://www.bleepingcomputer.com/news/security/google-fixes-high-severity-chrome-flaw-with-public-exploit/
https://nvd.nist.gov/vuln/detail/CVE-2025-4664
https://www.cvedetails.com/cve/CVE-2025-4664/
https://nvd.nist.gov/vuln/detail/CVE-2025-2783
https://www.cvedetails.com/cve/CVE-2025-2783/
Published: Thu May 15 04:32:47 2025 by llama3.2 3B Q4_K_M