A newly disclosed vulnerability in Google Chrome and Chromium-based browsers puts users at risk of information leaks. Tracked as CVE-2025-4664, the flaw allows attackers to extract sensitive data such as login tokens and session IDs from previously visited websites.
The security issue was detailed today by Wazuh, a cybersecurity company specializing in open-source threat detection. It affects users on both Windows and Linux, including Debian and Gentoo systems.
How It Works
The problem lies in Chrome's handling of the referrerpolicy parameter of the Link HTTP header when loading sub-resources such as images and scripts. While most browsers ignore referrer policies carried in that header, Chrome honors them, even on cross-origin requests. That means an attacker who controls a sub-resource's response can deliberately set a relaxed policy, such as unsafe-url, and receive the full referrer URL of the page that loaded it, including its path and query string.
Those URLs can contain sensitive data from other sites the user recently visited, for example tokens or session identifiers that a site passes in query parameters. If the attacker controls the destination server, they can quietly collect that data without the user noticing.
Who’s Affected
Users on the following systems are vulnerable if their browsers have not been updated:
- Windows: Google Chrome versions before 136.0.7103.113
- Debian 11 Linux: Chromium up to version 120.0.6099.224
- Gentoo Linux: Chrome or Chromium versions before 136.0.7103.113
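The version boundaries above are easy to get wrong with a plain string comparison ("120.0.6099.224" sorts after "136.0.7103.113" in many tools because "2" > "1"). The Node.js snippet below is an added example, not from the article or from Wazuh, that compares dotted build numbers numerically and applies exactly the ranges listed; the inventory records it checks are constructed sample data, and the platform keys and the browser string formats it accepts are assumptions for the example.

```javascript
"use strict";

// Compare two dotted version strings component by component, numerically.
// Returns -1, 0 or 1; missing components count as 0 ("136.0" == "136.0.0").
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Pull the version out of strings such as "Google Chrome 136.0.7103.114"
// or "Chromium 120.0.6099.224" (the form printed by `--version`).
function extractVersion(text) {
  const m = text.match(/(\d+(?:\.\d+)+)/);
  return m ? m[1] : null;
}

// Affected ranges as stated in the article. "before": any lower version is
// affected; "upTo": that version and every lower one is affected, and no
// fixed package is listed, so the remediation is removal.
const AFFECTED = {
  windows:  { before: "136.0.7103.113" },
  debian11: { upTo:   "120.0.6099.224" },
  gentoo:   { before: "136.0.7103.113" },
};

function isAffected(platform, version) {
  const rule = AFFECTED[platform];
  if (!rule) throw new Error(`no affected range recorded for platform "${platform}"`);
  if (rule.before) return compareVersions(version, rule.before) < 0;
  return compareVersions(version, rule.upTo) <= 0;
}

// Check a list of { host, platform, browserString } inventory records and
// return the hosts that still need action, with the reason.
function triage(records) {
  const out = [];
  for (const r of records) {
    const version = extractVersion(r.browserString);
    if (!version) { out.push({ host: r.host, action: "could not parse version" }); continue; }
    if (!isAffected(r.platform, version)) continue;
    const rule = AFFECTED[r.platform];
    out.push({ host: r.host, version,
               action: rule.before ? `update to ${rule.before} or later` : "uninstall until a patched build is available" });
  }
  return out;
}

// Constructed sample inventory (hostnames and versions are made up).
const SAMPLE_INVENTORY = [
  { host: "win-01",  platform: "windows",  browserString: "Google Chrome 136.0.7103.92" },
  { host: "win-02",  platform: "windows",  browserString: "Google Chrome 136.0.7103.113" },
  { host: "deb-01",  platform: "debian11", browserString: "Chromium 120.0.6099.224" },
  { host: "gen-01",  platform: "gentoo",   browserString: "Chromium 136.0.7103.113" },
];

for (const t of triage(SAMPLE_INVENTORY)) console.log(`${t.host}: ${t.action}`);
```

Note that the Debian row is not a "before" boundary: the article lists no fixed Chromium package for Debian 11, which is why the triage output for that host is removal rather than an update target.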
What to Do
Google has issued an emergency update that fixes the vulnerability in Chrome on Windows and in Chromium on Gentoo Linux. Debian users should uninstall affected versions of Chromium until a patched version becomes available.
How to Manually Update Chrome (If auto-update is turned off)
If Chrome is not updating automatically, follow these steps to make sure you are running the latest version and are protected against CVE-2025-4664:
- Open Chrome – Launch Google Chrome on your machine.
- Go to the Menu – Click the three vertical dots in the top-right corner of the browser window.
- Select "Help" → "About Google Chrome" – This opens a new tab that shows your current version and automatically checks for updates.
- Wait for Chrome to Check for Updates – If a newer version is available, Chrome will start downloading it right away.
- Click "Relaunch" – Once the update has downloaded, click "Relaunch" to restart the browser and complete the installation.
Check Update Status After Relaunch
To confirm the update, go back to Help > About Google Chrome. The browser should now show the latest version number and the message "Google Chrome is up to date."
If you are on Windows, make sure the Google Update service is enabled in your system settings or via the Group Policy Editor; if it is disabled, the About page will not be able to fetch the update. On Linux systems, especially those running Chromium, updates may require package manager commands or manual downloads depending on the distribution, and the version shown on the About page is the only reliable confirmation that the fixed build is installed.
Wazuh's blog post explains the importance of proactive vulnerability detection. Its tools provide real-time monitoring and insights that help administrators stay on top of security threats, especially when zero-day flaws like this one come into play.