Google Chrome Zero-Day Vulnerability (CVE-2025-4664) Actively Exploited in The Wild

Google has rolled out a fresh Stable Channel update for the Chrome browser across desktop platforms, including Windows, Mac, and Linux.

This update elevates Chrome to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux.

The deployment will occur gradually over the next few days and weeks, ensuring users worldwide receive the latest enhancements.

Addressing 4 Vulnerabilities

1. CVE-2025-4664: Insufficient Policy Enforcement in Loader (Zero-Day)

This high-severity vulnerability involves insufficient policy enforcement in Chrome’s Loader component, allowing remote attackers to leak cross-origin data via crafted HTML pages.

Google has confirmed that exploits for this zero-day flaw are actively being used in the wild, heightening the urgency for users to update.

“Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild.”

The issue was first disclosed by security researcher @slonser_ on May 5, 2025, suggesting potential exploitation prior to the patch release. This flaw could enable unauthorized code execution or sandbox escape.

2. CVE-2025-4609: Incorrect Handle in Mojo

Classified as high severity, this vulnerability stems from an incorrect handle provided under unspecified circumstances in Chrome’s Mojo Inter-Process Communication (IPC) layer.

Reported by a researcher named Micky on April 22, 2025, this flaw could lead to serious issues such as privilege escalation or memory corruption in Chrome’s multi-process architecture.

Unspecified Vulnerability from Internal Audits (ID: 417268830) fixed as a part of multiple fixes from Google’s internal security audits, fuzzing, and other initiatives. Specific details are withheld to prevent exploitation, enhancing Chrome’s overall security.

Additional Unspecified Fix from Internal Efforts (ID: 417268830) Another fix from Google’s internal security efforts, with details restricted until most users update. Aims to proactively mitigate risks before potential exploitation by malicious actors.

To prevent potential exploitation, Google is limiting access to detailed information about these bugs until most users have updated their browsers. This restriction also applies if a flaw exists in a third-party library relied upon by other projects that have yet to release a fix.

Users are strongly advised to update Chrome at the earliest opportunity to safeguard their systems with these essential security patches.

Google extends its appreciation to the security researchers who assisted in identifying and resolving these issues, emphasizing the importance of collective efforts in maintaining a secure digital environment. For further assistance or details on managing release channels, users can refer to Google’s community support forum and official resources.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!