Full Report
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google
Analysis Summary
# Vulnerability: Cross-Origin Data Leak via Insufficient Policy Enforcement in Chrome Loader
## CVE Details
- CVE ID: CVE-2025-4664
- CVSS Score: 4.3 (Low)
- CWE: Insufficient Policy Enforcement
## Affected Systems
- Products: Google Chrome (and potentially other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi)
- Versions: Prior to 136.0.7103.113 (for Windows/Mac) and prior to 136.0.7103.113 (for Linux)
- Configurations: Any configuration in which the browser loads sub-resources and processes the `Link` header on those requests.
## Vulnerability Description
The vulnerability stems from insufficient policy enforcement in the Chrome browser's "Loader" component. Unlike other browsers, Chrome resolves the `Link` header on sub-resource requests. A remote attacker can use a crafted HTML page so that, during a sub-resource request (e.g., loading a third-party image), a `Link` header specifies a `referrer-policy` of `unsafe-url`. This allows the attacker to capture the full query parameters of the originating URL, which may contain sensitive data, potentially leading to account takeover or other severe data exposure.
## Exploitation
- Status: Exploit exists in the wild (acknowledged by Google)
- Complexity: Low (Implied by the nature of exploiting header behavior via crafted HTML)
- Attack Vector: Network
## Impact
- Confidentiality: High (Sensitive data leakage possible, including potential for account takeover)
- Integrity: Low (Direct impact generally assumed to be data retrieval, not modification, though leaked data could facilitate integrity attacks)
- Availability: Low
## Remediation
### Patches
The following versions contain the fix:
- Chrome 136.0.7103.113 or later for Windows and Mac.
- Chrome 136.0.7103.113 or later for Linux.
### Workarounds
No specific workarounds are detailed in the source report. Patching dependent Chromium browsers (Edge, Brave, Opera, Vivaldi) is urgently advised as fixes become available for those products.
## Detection
- Indicators of Compromise: Look for unusual network requests originating from affected clients that send sensitive URL query parameters to third-party domains when fetching sub-resources, especially if the request header chain suggests a manipulated `referrer-policy`.
- Detection methods and tools: Monitor outbound network traffic for unexpected data leakage in referrer headers or URL parameters associated with resource loading requests.
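The referrer monitoring described above, as an added example that is not part of the original report or any vendor tooling. It assumes a TLS-inspecting proxy that logs the `Referer` header in a tab-separated format; the log layout, sample records and parameter list are constructed. It relies on Chrome's default `strict-origin-when-cross-origin` policy, under which a cross-site request should carry only the origin, so a full path or query string in a cross-site `Referer` means a relaxed policy was in effect.

```python
from urllib.parse import urlsplit, parse_qsl

# Hypothetical list of parameter names worth escalating on; tune per environment.
SENSITIVE_PARAMS = {"token", "code", "session", "access_token", "reset", "key"}

# Constructed sample records (tab-separated: client, request URL, Referer header).
SAMPLE_LOG = """\
10.0.0.5\thttps://cdn.example.net/logo.png\thttps://app.example.com/
10.0.0.7\thttps://img.example.org/pixel.png\thttps://app.example.com/oauth/callback?code=abc123&state=xyz
10.0.0.7\thttps://app.example.com/static/app.js\thttps://app.example.com/oauth/callback?code=abc123&state=xyz
10.0.0.9\thttps://img.example.org/a.png\thttps://news.example.com/story?id=42
10.0.0.9\thttps://img.example.org/b.png\t-
"""

def site(host):
    """Crude same-site key: last two DNS labels (assumption; use a public-suffix list in production)."""
    return ".".join(host.lower().split(".")[-2:])

def analyze(line):
    """Return a finding dict if a cross-site request carries a full-URL Referer, else None."""
    client, url, referer = line.rstrip("\n").split("\t")
    if referer in ("", "-"):
        return None
    req, ref = urlsplit(url), urlsplit(referer)
    if not req.hostname or not ref.hostname:
        return None
    if site(req.hostname) == site(ref.hostname):
        return None  # same-site: a full Referer is expected here
    # Under strict-origin-when-cross-origin a cross-site Referer is origin only.
    if ref.path in ("", "/") and not ref.query:
        return None
    names = {k.lower() for k, _ in parse_qsl(ref.query, keep_blank_values=True)}
    hits = sorted(names & SENSITIVE_PARAMS)
    return {"client": client, "dest": req.hostname, "referer_host": ref.hostname,
            "params": hits, "severity": "high" if hits else "review"}

def scan(log_text):
    """Analyze every non-empty record and collect the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            finding = analyze(line)
            if finding:
                findings.append(finding)
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Sites that deliberately set a relaxed referrer policy will also match, so treat findings as leads and prioritise those where the referring page is an authentication or password-reset flow.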
## References
- Vendor Advisory: https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html
- CVE Description: https://www.cve.org/CVERecord?id=CVE-2025-4664
- Researcher Detail: https://x.com/slonser_/status/1922750094140440964