Techzine Global

Chrome vulnerability allowing account takeover fixed

Berry Zwets, May 15, 2025 3:54 pm
Google has released an emergency update for the Chrome browser to fix a serious security vulnerability. This vulnerability allowed someone to completely take over accounts.

According to Google, the bug, known as CVE-2025-4664, already has a publicly available exploit, which usually indicates active abuse. Users are advised to update their browser to the latest version as soon as possible.

Security researcher Vsevolod Kokorin of Solidlab discovered and analyzed the vulnerability. The problem lies in Chrome’s Loader component, which allows malicious actors to leak cross-origin data via specially crafted HTML pages.

How the vulnerability works

“Unlike other browsers, Chrome resolves the Link header on subresource requests. But what’s the problem? The issue is that the Link header can set a referrer-policy. We can specify unsafe-url and capture the full query parameters,” Kokorin explains.

According to the researcher, query parameters can contain sensitive information, such as data used in OAuth authentication flows. This can lead to complete account takeover. “Developers rarely consider the possibility of stealing query parameters via an image from a 3rd-party resource,” he adds.
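
To show why the policy value matters, the following added example (not code from the article, Google or the researcher) models a simplified version of the Referrer Policy algorithm and reports which policies would send an OAuth callback page's query string to a third-party image host. The function names, URLs and the `SAMPLE_CODE` value are constructed for illustration.

```javascript
// Added example: simplified model of the Referrer Policy algorithm.
// "Downgrade" is approximated as https -> non-https; the spec's
// 4096-character length cap on referrers is omitted.
function computeReferrer(policy, pageUrl, requestUrl) {
  const page = new URL(pageUrl);
  const target = new URL(requestUrl);
  // Browsers strip credentials and the fragment before sending a referrer.
  page.username = "";
  page.password = "";
  page.hash = "";
  const full = page.href;
  const originOnly = page.origin + "/";
  const sameOrigin = page.origin === target.origin;
  const downgrade = page.protocol === "https:" && target.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "origin": return originOnly;
    case "unsafe-url": return full; // full URL, even cross-origin
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default: throw new Error("unknown policy: " + policy);
  }
}

// True when the referrer sent to the target would carry the page's query string.
function leaksQuery(policy, pageUrl, requestUrl) {
  const ref = computeReferrer(policy, pageUrl, requestUrl);
  return ref !== null && new URL(ref).search !== "";
}

// Constructed sample: an OAuth callback page and a third-party image it loads.
const CALLBACK = "https://app.example/oauth/callback?code=SAMPLE_CODE&state=xyz#frag";
const THIRD_PARTY_IMAGE = "https://img.example/pixel.png";

function policiesThatLeak() {
  return ["no-referrer", "origin", "same-origin", "strict-origin",
          "origin-when-cross-origin", "strict-origin-when-cross-origin",
          "no-referrer-when-downgrade", "unsafe-url"]
    .filter((p) => leaksQuery(p, CALLBACK, THIRD_PARTY_IMAGE));
}

console.log(policiesThatLeak());
```

Under the browser default, `strict-origin-when-cross-origin`, the third party sees only the origin, which is why a response that can switch the policy to `unsafe-url` changes what is exposed. Keeping authorization codes short-lived and single-use limits the value of any query string that does leak.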

Google has fixed the issue for Chrome users in the Stable Desktop channel. The updated versions (136.0.7103.113 for Windows/Linux and 136.0.7103.114 for macOS) are being rolled out to all users.

Tags:

account takeover / browser security / Google Chrome / security vulnerability
