Google has released an emergency update for the Chrome browser to fix a serious security vulnerability. The flaw allowed an attacker to completely take over accounts.
According to Google, the bug, known as CVE-2025-4664, already has a publicly available exploit, which usually indicates active abuse. Users are advised to update their browser to the latest version as soon as possible.
Security researcher Vsevolod Kokorin of Solidlab discovered and analyzed the vulnerability. The problem lies in Chrome’s Loader component and allows malicious actors to leak data across origins via specially crafted HTML pages.
How the vulnerability works
“Unlike other browsers, Chrome resolves the Link header on subresource requests. But what’s the problem? The issue is that the Link header can set a referrer-policy. We can specify unsafe-url and capture the full query parameters,” Kokorin explains.
According to the researcher, query parameters can contain sensitive information, such as data used in OAuth authentication flows. This can lead to complete account takeover. “Developers rarely consider the possibility of stealing query parameters via an image from a 3rd-party resource,” he adds.
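As an added example (not code from Google or from Kokorin), the JavaScript below shows one way a defender could review recorded response headers, for instance from a proxy log, and flag cross-origin subresource responses whose Link header asks for a referrer policy that exposes the page's full URL. It assumes the Link parameter is named referrerpolicy, as the HTML link attribute is; the record shape, function names and all sample hosts are constructed for illustration.

```javascript
// Policies that send the full URL (path and query) to cross-origin targets.
const FULL_URL_POLICIES = new Set(["unsafe-url", "no-referrer-when-downgrade"]);

// Split a Link header into link-values, ignoring commas inside <...> or "...".
function splitLinkValues(header) {
  const parts = [];
  let buf = "", inAngle = false, inQuote = false;
  for (const ch of header) {
    if (ch === '"' && !inAngle) inQuote = !inQuote;
    else if (ch === "<" && !inQuote) inAngle = true;
    else if (ch === ">" && !inQuote) inAngle = false;
    if (ch === "," && !inAngle && !inQuote) { parts.push(buf); buf = ""; }
    else buf += ch;
  }
  return parts.concat(buf).map((p) => p.trim()).filter(Boolean);
}

// Parse one link-value into its target and lower-cased parameters.
function parseLinkValue(value) {
  const m = /^<([^>]*)>(.*)$/.exec(value);
  if (!m) return null;
  const params = {};
  for (const [, k, v] of m[2].matchAll(/;\s*([^=;\s]+)\s*=\s*("[^"]*"|[^;]*)/g))
    params[k.toLowerCase()] = v.trim().replace(/^"|"$/g, "").toLowerCase();
  return { target: m[1], params };
}

// Flag cross-origin subresource responses whose Link header asks for a
// referrer policy that would expose the page's full URL.
function findReferrerDowngrades(pageUrl, responses) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const { url, headers } of responses) {
    if (new URL(url).origin === pageOrigin) continue; // same-origin: skipped here
    const link = Object.entries(headers).find(([k]) => k.toLowerCase() === "link");
    for (const lv of splitLinkValues(link ? link[1] : "").map(parseLinkValue))
      if (lv && FULL_URL_POLICIES.has(lv.params.referrerpolicy))
        findings.push({ response: url, target: lv.target, policy: lv.params.referrerpolicy });
  }
  return findings;
}

// Constructed sample: responses recorded while loading one page (hypothetical hosts).
const SAMPLE_PAGE = "https://app.example/callback?code=constructed";
const SAMPLE_RESPONSES = [
  { url: "https://app.example/logo.png", headers: { "Content-Type": "image/png" } },
  { url: "https://img.thirdparty.example/a.png", headers: { Link: '<https://img.thirdparty.example/b.png>; rel="preload"; referrerpolicy="unsafe-url"' } },
  { url: "https://cdn.example/lib.js", headers: { link: '<https://cdn.example/x.css>; rel=preload, <https://cdn.example/y,z.css>; rel=preload; referrerpolicy=strict-origin' } },
];
console.log(findReferrerDowngrades(SAMPLE_PAGE, SAMPLE_RESPONSES));
```

Only the second sample response is flagged; the same-origin response and the one requesting strict-origin are left alone.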
Google has fixed the issue for Chrome users in the Stable Desktop channel. The updated versions (136.0.7103.113 for Windows/Linux and 136.0.7103.114 for macOS) are being rolled out to all users.