CVE-2025-4664 Overview
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Critical Impact
Allows cross-origin data leakage that can lead to data privacy concerns for users.
Affected Products
- Google Chrome
Discovery Timeline
- 2025-05-14T18:15:33.867 - CVE-2025-4664 published to NVD
- 2025-06-06T01:00:02.617 - Last updated in NVD database
Technical Details for CVE-2025-4664
Vulnerability Analysis
The vulnerability arises from insufficient policy enforcement in the Loader component. This flaw allows an attacker to abuse cross-origin resource loading and access confidential information from other origins.
Root Cause
The Loader component does not apply sufficient policy checks when loading cross-origin resources.
Attack Vector
The attack can be executed remotely by crafting a malicious HTML page that bypasses the browser's security features to read data across origins.
// Example exploitation code (sanitized)
fetch('https://victim-website.com/data')
  .then(response => response.text())
  .then(data => console.log(data));
Detection Methods for CVE-2025-4664
Indicators of Compromise
- Unusual network requests to known or unknown domains
- Excessive cross-origin requests in browser activity logs
- Suspicious HTML pages accessed frequently
Detection Strategies
Enable browser logging of cross-origin network requests and review the logs for unusual requests, including requests that access restricted domains.
Monitoring Recommendations
Continuous monitoring of network requests and applying anomaly detection on request patterns can help identify exploitation attempts.
How to Mitigate CVE-2025-4664
Immediate Actions Required
- Update Google Chrome to version 136.0.7103.113 or later.
- Implement strict Content Security Policy (CSP) headers.
- Regularly audit cross-origin requests in application logs.
Patch Information
Ensure Chrome is updated to at least version 136.0.7103.113, in which Google has patched this vulnerability.
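The following is an added example, not code from this advisory or from Google, that applies the 136.0.7103.113 threshold to fleet data taken from proxy-log User-Agent strings or from `--version` inventory output. It goes beyond the page in one respect: Chrome's reduced User-Agent reports the build fields as 0.0.0, so a major-136 User-Agent is classified as indeterminate rather than patched. Host names and sample strings are constructed.

```python
import re

FIXED = (136, 0, 7103, 113)  # first patched build, taken from the advisory text
# Matches "Chrome/136.0.0.0" (User-Agent) and "Google Chrome 136.0.7103.113" (--version output)
CHROME_RE = re.compile(r"\bChrome[/ ](\d+)\.(\d+)\.(\d+)\.(\d+)\b")
# Other Chromium-based browsers also carry a Chrome/ token; the advisory lists only Google Chrome.
OTHER_BROWSER_RE = re.compile(r"\b(Edg|OPR|SamsungBrowser|YaBrowser)/")


def classify(text):
    """Return 'vulnerable', 'patched', 'indeterminate' or 'not-chrome'."""
    m = CHROME_RE.search(text)
    if m is None or OTHER_BROWSER_RE.search(text):
        return "not-chrome"
    version = tuple(int(part) for part in m.groups())
    # User-Agent reduction freezes minor.build.patch to 0.0.0, so a major-136
    # User-Agent cannot show whether the fixed build is installed.
    if version[0] == FIXED[0] and version[1:] == (0, 0, 0):
        return "indeterminate"
    return "patched" if version >= FIXED else "vulnerable"


# Constructed sample: (host, User-Agent from a proxy log or --version output from inventory)
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
SAMPLE = [
    ("ws-01", UA + "Chrome/135.0.0.0 Safari/537.36"),
    ("ws-02", UA + "Chrome/136.0.0.0 Safari/537.36"),
    ("ws-03", "Google Chrome 136.0.7103.92"),
    ("ws-04", "Google Chrome 136.0.7103.113"),
    ("ws-05", UA + "Chrome/136.0.0.0 Safari/537.36 Edg/136.0.0.0"),
    ("ws-06", UA + "Chrome/137.0.0.0 Safari/537.36"),
]


def audit(records):
    """Classify every host and list those that need an update or a closer check."""
    results = {host: classify(text) for host, text in records}
    follow_up = sorted(h for h, s in results.items() if s in ("vulnerable", "indeterminate"))
    return results, follow_up


if __name__ == "__main__":
    results, follow_up = audit(SAMPLE)
    for host, status in results.items():
        print(f"{host}: {status}")
    print("follow up:", ", ".join(follow_up))
```

Hosts reported as indeterminate need the full version from endpoint inventory before they can be counted as patched.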
Workarounds
Develop a custom browser extension that blocks unauthorized cross-origin requests based on a predefined policy.
# Configuration example
# Print the installed version (Linux binary name); it should be 136.0.7103.113 or later
google-chrome --version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

