- Chrome's unique handling of referrer policy creates a major loophole for silent data siphoning
- CVE-2025-4664 proves even trusted browsers are not protected from destructive zero-day risks
- If you have not updated Chrome or Chromium, your cross-origin data is up for grabs
Experts have warned that a newly disclosed zero-day vulnerability affecting both Windows and Linux systems could put billions of Google Chrome and Chromium users at serious risk of data theft.
Researchers claim that this flaw, tracked as CVE-2025-4664, can leak sensitive cross-origin data without any user interaction.
The flaw, in the Loader component of Chrome and Chromium browsers, relates to how these browsers process the Link HTTP header on sub-resource requests such as images or scripts.
Chrome is opening the door to data leaks
Unlike other mainstream browsers, Chrome also honors the referrer-policy directive on sub-resources.
This behavior allows a malicious site to inject a lax policy, such as unsafe-url, effectively leaking full URLs, including sensitive data, to third-party domains.
Such exploitation bypasses conventional browser defenses and undermines common security assumptions in web infrastructure.
Wazuh claims that it can detect and mitigate this flaw through its Vulnerability Detection module, which uses data from its Cyber Threat Intelligence (CTI) service to monitor software versions and report when vulnerable packages are found.
In a lab environment using Wazuh OVA 4.12.0, security researchers showed that endpoints running Windows 11 and Debian 11 could be scanned to identify whether they were running a vulnerable version of Chrome or Chromium.
As shown in the Wazuh dashboard, users are instructed to query for CVE-2025-4664 to isolate the affected systems quickly, with the vulnerability status updated from "Active" once confirmed by the module.
Google has issued an emergency patch to resolve the issue on Windows and Gentoo Linux systems. Users on these platforms are advised to update their browsers immediately.
For Chromium users on Debian 11, all versions up to 120.0.6099.224 are vulnerable, and no updated package has been released yet. Users are encouraged to uninstall the browser until a patched version is available.
Despite these swift actions, a broader concern remains: how can users and businesses reliably protect themselves against the exploitation of browser-based zero-days?
Applying the patch is essential, but relying fully on browser updates can leave important gaps. For this reason, it is recommended to use an endpoint protection platform with malware protection and antivirus solutions to stay secure.
These tools provide layers of defense that go beyond browser vulnerabilities, including real-time detection of exploitation attempts.