Google fixes high severity Chrome flaw with public exploit
Published on: 2025-07-08 22:25:44
Google has released emergency security updates to patch a high-severity vulnerability in the Chrome web browser that could lead to full account takeover following successful exploitation.
While it's unclear if this security flaw has been used in attacks, the company warned that it has a public exploit, which is how it usually hints at active exploitation.
"Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild," Google said in a Wednesday security advisory.
The vulnerability was discovered by Solidlab security researcher Vsevolod Kokorin and is described as an insufficient policy enforcement in Google Chrome's Loader component that lets remote attackers leak cross-origin data via maliciously crafted HTML pages.
"You probably know that unlike other browsers, Chrome resolves the Link header on subresource requests. But what's the problem? The issue is that the Link header can set a referrer-policy. We can specify unsafe-url and capture the full query paramete
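The quoted explanation turns on which referrer policy applies to a cross-origin subresource request. As an added example (not code from the article, Google, or the researcher), this JavaScript computes the Referer value sent under each policy defined in the W3C Referrer Policy specification. The URLs, the query value, and the names `refererFor` and `leakReport` are constructed for illustration, and "trustworthy" is approximated as an https: scheme.

```javascript
// Strip a document URL the way a browser does before using it as a referrer.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  u.username = "";
  u.password = "";
  u.hash = ""; // fragments are never sent
  return originOnly ? u.origin + "/" : u.href;
}

// Referer sent for a request from docUrl to targetUrl under `policy`
// (simplified: downgrade means https: document to non-https: target).
function refererFor(policy, docUrl, targetUrl) {
  const doc = new URL(docUrl);
  const target = new URL(targetUrl);
  const full = stripForReferrer(docUrl, false);
  const origin = stripForReferrer(docUrl, true);
  const sameOrigin = doc.origin === target.origin;
  const downgrade = doc.protocol === "https:" && target.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "origin": return origin;
    case "unsafe-url": return full; // full URL, even cross-origin or on downgrade
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : origin;
    case "origin-when-cross-origin": return sameOrigin ? full : origin;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "strict-origin-when-cross-origin":
    default: // the default policy in current browsers
      if (sameOrigin) return full;
      return downgrade ? null : origin;
  }
}

// Constructed sample: a page URL carrying a secret in its query string,
// and a subresource hosted on a different origin.
const PAGE = "https://app.example/callback?code=CONSTRUCTED-SECRET#frag";
const SUBRESOURCE = "https://other.example/pixel.png";

// For each policy, report the Referer and whether the query string is exposed.
function leakReport() {
  const policies = ["strict-origin-when-cross-origin", "origin", "no-referrer", "unsafe-url"];
  return policies.map((policy) => {
    const referer = refererFor(policy, PAGE, SUBRESOURCE);
    return { policy, referer, leaksQuery: referer !== null && referer.includes("?") };
  });
}

console.log(leakReport());
```

Of the policies compared, only `unsafe-url` exposes the page's query string to the other origin, which is why anything placed in a URL query should be treated as disclosable through the Referer header.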