CVE-2025-4664 — Google Chrome vulnerability

18 documents12 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 69.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedMay 14

Latest updateDec 11

Description

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5google/chrome136.0.7103.113 — 136.0.7103.113

▶NVDgoogle/chrome< 136.0.7103.113

▶Debianchromium/chromium< 136.0.7103.113-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

GHSA

GHSA-vxhm-55mv-5fhx: Insufficient policy enforcement in Loader in Google Chrome prior to 136↗2025-05-14

▶

CVEList

CVE-2025-4664: Insufficient policy enforcement in Loader in Google Chrome prior to 136↗2025-05-14

▶

OSV

CVE-2025-4664: Insufficient policy enforcement in Loader in Google Chrome prior to 136↗2025-05-14

▶

VulnCheck

Google Chrome Loader Policy Enforcement Vulnerability↗2025

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0011 Chromium and Prisma Browser: Monthly Vulnerability Update (June 2025)↗2025-06-11

▶

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2025-4664↗2025-06-06

▶

Microsoft

Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader↗2025-05-13

▶

Debian

CVE-2025-4664: chromium - Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.1...↗2025

▶

🕵️Threat Intelligence

Bleepingcomputer

Google fixes eighth Chrome zero-day exploited in attacks in 2025↗2025-12-11

▶

Bleepingcomputer

Google fixes new Chrome zero-day flaw exploited in attacks↗2025-11-18

▶

Qualys

Patch Automation for Browsers with TruRisk™ Eliminate↗2025-09-24

▶

Qualys

Automated Browser Patching with Qualys TruRisk™ Eliminate | Qualys↗2025-09-24

▶

Bleepingcomputer

Google patches sixth Chrome zero-day exploited in attacks this year↗2025-09-18

▶