Serious Chrome and Chromium security flaw opens the door to silent data theft on billions of devices worldwide
- Google Chrome's unusual handling of referrer policy creates a large gap in its defenses that allows silent data theft
- CVE-2025-4664 proves that even trusted browsers are not immune to catastrophic zero-day vulnerabilities
- Cross-origin data is up for grabs if you have not updated Chrome or Chromium
A newly uncovered zero-day vulnerability affecting both Windows and Linux systems could put billions of Google Chrome and Chromium users at serious risk of data theft, experts have warned.
Researchers at Wazuh claim that this flaw, tracked as CVE-2025-4664, has attracted urgent attention because of its ability to leak sensitive cross-origin data such as OAuth tokens and session identifiers without any user interaction.
The flaw, identified in the Loader component of Chrome and Chromium browsers, relates to how these browsers process the HTTP Link header for sub-resource requests such as images or scripts.
Chrome opens the door to data leaks
Unlike other mainstream browsers, Chrome honors the referrer-policy directive of the Link header even on sub-resources.
This behavior enables a malicious site to inject a lax policy, such as unsafe-url, effectively leaking full URLs, including any sensitive data they carry, to third-party domains.
This type of exploit circumvents conventional browser safeguards and directly undermines common security assumptions in web infrastructure.
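As an added illustration that is not part of the article or of Wazuh's tooling, the check below parses HTTP Link response headers the way a proxy or response-inspection rule might, and flags preload links carrying a lax referrerpolicy of the kind the article describes. The header values are constructed samples, and the set of policies treated as lax is an assumption (the article itself names only unsafe-url).

```python
import re

# Referrer-policy values that send the full document URL (path and query) to a
# cross-origin destination over HTTPS. 'unsafe-url' is the value the article names;
# 'no-referrer-when-downgrade' is included as an assumption, since it also sends
# the full URL whenever the request is not an HTTPS-to-HTTP downgrade.
LAX_REFERRER_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}


def parse_link_header(value: str) -> list[dict]:
    """Split a Link header into entries: {'url': ..., '<param>': ...} per link."""
    links = []
    # Each entry is <url> followed by ;-separated params, entries separated by commas.
    for m in re.finditer(r'<([^>]*)>((?:\s*;\s*[^;,]+)*)', value):
        entry = {"url": m.group(1)}
        for p in re.finditer(r';\s*([A-Za-z-]+)\s*=\s*"?([^";,]*)"?', m.group(2)):
            entry[p.group(1).lower()] = p.group(2).strip()
        links.append(entry)
    return links


def flag_lax_referrer_links(headers: dict) -> list[str]:
    """Return a description of every Link sub-resource that sets a lax referrerpolicy."""
    findings = []
    for name, value in headers.items():
        if name.lower() != "link":
            continue
        for link in parse_link_header(value):
            policy = link.get("referrerpolicy", "").lower()
            if policy in LAX_REFERRER_POLICIES:
                findings.append(
                    f"{link['url']} (rel={link.get('rel', '?')}, referrerpolicy={policy})"
                )
    return findings


# Constructed sample response headers (not captured traffic).
SAMPLE_HEADERS = {
    "clean": {"Link": "<https://cdn.example/app.js>; rel=preload; as=script"},
    "suspicious": {
        "Link": "<https://cdn.example/logo.png>; rel=preload; as=image; "
                "referrerpolicy=unsafe-url, <https://cdn.example/x.css>; rel=preload; as=style"
    },
}

if __name__ == "__main__":
    for label, hdrs in SAMPLE_HEADERS.items():
        print(label, flag_lax_referrer_links(hdrs))
```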
Wazuh claims it can detect and mitigate this flaw through its Vulnerability Detection module, which uses data from its Cyber Threat Intelligence (CTI) service to check installed software versions and raise alerts when vulnerable packages are found.
In a lab environment built from the Wazuh OVA 4.12.0, security researchers demonstrated how endpoints running Windows 11 and Debian 11 could be scanned to determine whether they were running vulnerable versions of Chrome or Chromium.
As shown in the Wazuh dashboard, users are instructed to add a query for CVE-2025-4664 to quickly isolate affected systems; the module then updates the vulnerability status from "active" to "resolved" once mitigation steps have been applied.
Google has issued an emergency patch to address the problem on Windows and Gentoo Linux systems. Users on these platforms are advised to update their browsers immediately.
For Chrome users on Debian 11, all versions up to 120.0.6099.224 remain vulnerable and no updated package has yet been released. Users are encouraged to uninstall the browser until a patched version becomes available.
Despite these swift actions, the broader concern remains: how can users and organizations reliably protect themselves against browser-based zero-day exploits?
Applying patches is essential, but relying on browser updates alone can leave significant gaps. For this reason it is recommended to use endpoint protection platforms, together with malware protection and antivirus solutions, to stay safe.
These tools offer layered defenses that extend beyond the browser's own vulnerabilities, providing real-time detection and containment of exploit attempts.