- Google recently patched a new Chrome bug
- CISA has now added the vulnerability to its KEV catalog, signaling exploitation in the wild
- Federal agencies have three weeks to update Chrome
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new Chrome bug to its Known Exploited Vulnerabilities (KEV) catalog, signaling abuse in the wild and giving Federal Civilian Executive Branch (FCEB) agencies a deadline to patch.
The flaw is tracked as CVE-2025-4664. It was recently discovered by researchers at Solidlab and is described as an "insufficient policy enforcement in Loader in Google Chrome". According to NVD, the bug allows a remote attacker to leak cross-origin data via a crafted HTML page.
"Query parameters may contain sensitive data - for example, in OAuth flows this can lead to an account takeover. Developers rarely consider the possibility of stealing query parameters through an image of a 3rd party resource," explained researcher Vsevolod Kokorin, who was credited with the discovery of the bug.
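The leak Kokorin describes depends on what the browser puts in the Referer header when a page loads a third-party subresource, and that is governed by the page's referrer policy. The script below is an added illustration, not code from Google, Solidlab or the researcher: it models the Referer computation from the W3C Referrer Policy spec, runs it for a constructed OAuth callback URL (hosts `app.example` and `cdn.attacker.example` are hypothetical) against a cross-origin image, and shows which policies expose the authorization `code` and `state`. It does not reproduce the Chrome bug itself; it shows why the policy matters, what a leaked Referer contains, and the mitigation of scrubbing sensitive parameters from the URL before any third-party resource can observe it.

```javascript
// Models the Referer value a browser sends for a subresource request, following
// the "determine request's referrer" steps of the Referrer Policy spec
// (https://w3c.github.io/webappsec-referrer-policy/). Added illustration only;
// it does not reproduce CVE-2025-4664, it shows what a leaked Referer carries.

const DEFAULT_POLICY = "strict-origin-when-cross-origin"; // Chrome's default policy

// "Strip url for use as a referrer": drop credentials and fragment; for
// origin-only policies the spec serialises the origin followed by "/".
function stripForReferrer(url, originOnly = false) {
  const u = new URL(url);
  u.username = "";
  u.password = "";
  u.hash = "";
  return originOnly ? u.origin + "/" : u.href;
}

// Simplified "potentially trustworthy" check: https/wss or localhost.
function isPotentiallyTrustworthy(url) {
  const u = new URL(url);
  return u.protocol === "https:" || u.protocol === "wss:" || u.hostname === "localhost";
}

// Returns the Referer header value, or null when no Referer is sent.
function computeReferer(pageUrl, requestUrl, policy = "") {
  const p = policy || DEFAULT_POLICY; // empty string means "use the default"
  const page = new URL(pageUrl);
  const req = new URL(requestUrl);
  const sameOrigin = page.origin === req.origin;
  const downgrade = isPotentiallyTrustworthy(pageUrl) && !isPotentiallyTrustworthy(requestUrl);
  const full = stripForReferrer(pageUrl);
  const originOnly = stripForReferrer(pageUrl, true);

  switch (p) {
    case "no-referrer":                return null;
    case "origin":                     return originOnly;
    case "unsafe-url":                 return full;
    case "same-origin":                return sameOrigin ? full : null;
    case "origin-when-cross-origin":   return sameOrigin ? full : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "strict-origin":              return downgrade ? null : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default:
      throw new Error(`unknown referrer policy: ${p}`);
  }
}

// Which of the named query parameters would the third party learn from this Referer?
function leakedParams(referer, sensitive) {
  if (referer === null) return [];
  const qs = new URL(referer).searchParams;
  return sensitive.filter((name) => qs.has(name));
}

// Mitigation: remove sensitive parameters from the page URL before any
// third-party subresource is loaded (in the browser via history.replaceState,
// or by having the callback endpoint redirect to a clean URL).
function scrubSensitiveParams(pageUrl, sensitive) {
  const u = new URL(pageUrl);
  for (const name of sensitive) u.searchParams.delete(name);
  return u.href.replace(/\?$/, ""); // older URL serialisers leave a trailing "?"
}

// Constructed sample: an OAuth redirect landing page whose HTML also loads an
// image from an attacker-controlled host. Both URLs are hypothetical.
const CALLBACK = "https://app.example/oauth/callback?code=SplxlOBeZQQYbYS6WxSbIA&state=af0ifjsldkj";
const THIRD_PARTY_IMG = "https://cdn.attacker.example/pixel.png";
const SENSITIVE = ["code", "state", "access_token", "id_token"];

// One row per policy: the Referer the image request would carry and what leaks.
function demo() {
  return ["unsafe-url", "no-referrer-when-downgrade", DEFAULT_POLICY, "no-referrer"].map((policy) => {
    const referer = computeReferer(CALLBACK, THIRD_PARTY_IMG, policy);
    return { policy, referer, leaked: leakedParams(referer, SENSITIVE) };
  });
}

console.log(JSON.stringify(demo(), null, 2));
console.log("scrubbed page URL:", scrubSensitiveParams(CALLBACK, SENSITIVE));
```

Under `unsafe-url` the full callback URL, including `code` and `state`, reaches `cdn.attacker.example`; under Chrome's default the third party sees only `https://app.example/`, and under `no-referrer` nothing. The practical takeaways for a callback page are to set an explicit `Referrer-Policy` (no-referrer is the safe choice there), to treat the authorization code as already spent once the page has loaded any third-party resource, and to strip it from the address bar as early as possible.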
Time to patch
The flaw was reported on May 5, and Google shipped a fix on May 14. The browser giant did not say whether the bug had been exploited in real-world attacks, but it did state that it was aware of a public exploit (which in practice amounts to the same thing).
Now that CISA has added the bug to KEV, FCEB agencies have until June 5 to patch their Chrome installations or stop using the browser altogether. The first fixed builds are 136.0.7103.113 for Linux and 136.0.7103.113/.114 for Windows and macOS. In most cases Chrome applies the update automatically, so simply check which version you are running (chrome://settings/help shows the version and triggers an update check).
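For anyone who has to show KEV compliance across a fleet rather than on one machine, the check is a four-part version comparison against the first fixed build. The script below is an added example, not a CISA or Google tool: it parses version strings as reported by `google-chrome --version` (or the file version of chrome.exe), compares them against 136.0.7103.113, and lists the hosts that still need the update. The inventory lines are constructed.

```javascript
// Fleet triage for the KEV deadline: flag endpoints whose Chrome build is
// older than the first fixed build for CVE-2025-4664. Added example; the
// inventory below is constructed sample data.

const FIRST_FIXED = "136.0.7103.113"; // first fixed build per Google's 14 May 2025 stable update

// Extract the four numeric components from any string containing a Chrome version.
function parseVersion(s) {
  const m = /(\d+)\.(\d+)\.(\d+)\.(\d+)/.exec(s);
  if (!m) throw new Error(`no Chrome version found in: ${s}`);
  return m.slice(1, 5).map(Number);
}

// Component-wise compare: -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  const va = parseVersion(a);
  const vb = parseVersion(b);
  for (let i = 0; i < 4; i++) {
    if (va[i] !== vb[i]) return va[i] < vb[i] ? -1 : 1;
  }
  return 0;
}

// A build is patched when it is at or above the first fixed build.
function isPatched(versionString) {
  return compareVersions(versionString, FIRST_FIXED) >= 0;
}

// Constructed inventory: "<hostname> <output of google-chrome --version>".
const INVENTORY = [
  "ws-01 Google Chrome 136.0.7103.92",
  "ws-02 Google Chrome 136.0.7103.113",
  "ws-03 Google Chrome 136.0.7103.114",
  "ws-04 Google Chrome 135.0.7049.115",
  "ws-05 Google Chrome 137.0.7151.40",
];

// Hostnames that still run an unpatched build.
function unpatchedHosts(lines) {
  return lines.filter((line) => !isPatched(line)).map((line) => line.split(" ")[0]);
}

console.log("hosts still below", FIRST_FIXED + ":", unpatchedHosts(INVENTORY).join(", "));
```

A plain string comparison would get this wrong (for example "136.0.7103.92" sorts after "136.0.7103.113" lexically), which is why the components are compared numerically.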
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," warned CISA.
The web browser is indeed one of the most targeted pieces of software, because it renders untrusted data from countless sources across the internet. Cybercriminals constantly look for vulnerabilities in browser code, plug-ins or poorly secured websites, in an attempt to grab login credentials or find other ways to compromise the wider network.