What is CVE-2025-4664?

A medium-severity vulnerability in Google Chrome allows remote attackers to leak cross-origin data through insufficient policy enforcement. Organizations are advised to patch their systems promptly to mitigate potential risks.

What is the severity of CVE-2025-4664?

CVE-2025-4664 has a severity rating of MEDIUM with a CVSS base score of 4.3.

CVE-2025-4664 | Medium Vulnerability in Google Chrome

CVE-2025-4664 is a medium-severity vulnerability affecting Google Chrome, specifically prior to version 136.0.7103.113. This vulnerability allows a remote attacker to leak cross-origin data via a crafted HTML page due to insufficient policy enforcement in the Loader component. The CVSS score for this vulnerability is 4.3, indicating a moderate risk level that organizations must address.

The risk to organizations includes potential data leaks that could expose sensitive information from different origins. Given the nature of web applications and the increasing reliance on browsers for accessing various online services, the implications of this vulnerability can be significant. Although the exploitation status is confirmed with known exploit availability, organizations should prioritize patching to reduce the risk of potential data breaches.

Organizations should prioritize remediation of this vulnerability to safeguard sensitive data. Immediate action is required to implement the necessary patches and mitigate the risk associated with this vulnerability.

The vulnerability was published on May 14, 2025, and organizations must assess their deployment of Google Chrome to ensure that they are using a patched version to avoid exposure to this threat.

Vulnerability Details

The official description of this vulnerability states that it involves insufficient policy enforcement in the Loader component of Google Chrome. The CVSS score of 4.3 reflects a medium severity, with a low attack complexity and requiring user interaction for successful exploitation. The affected product is Google Chrome, with no specific CWE classification available.

Technical Analysis

The root cause of this vulnerability lies in the insufficient enforcement of security policies within the Loader component. Attackers can exploit this vulnerability through a network attack vector, leveraging low complexity to execute their malicious actions. No privileges are required for an attacker to exploit this vulnerability, but user interaction is necessary, as the victim must visit a specially crafted HTML page to initiate the data leak.

Risk & Impact Analysis

The real-world risk posed by CVE-2025-4664 is substantial, given the widespread use of web applications and the potential for data leakage. Organizations must consider the blast radius, as leaked information could lead to unauthorized access to sensitive data. The urgency for organizations to address this vulnerability is high, as evidenced by the available exploits and potential impact on user privacy and data integrity.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of Google Chrome are all versions prior to 136.0.7103.113. Organizations should ensure they are using the latest version to mitigate this vulnerability.

Mitigation & Remediation

To address CVE-2025-4664, organizations should update Google Chrome to the latest version available, specifically version 136.0.7103.113 or later. If an immediate update is not possible, consider implementing workarounds such as restricting access to potentially harmful web pages and monitoring network traffic for any unusual activities. Regular security assessments and configuration hardening can also help mitigate the risks associated with this vulnerability.

For more information on effective security practices, organizations can refer to penetration testing methodology to validate their security posture.

Detection Guidance

Organizations should monitor logs for indicators of exploitation attempts, such as unexpected network traffic or access to cross-origin resources. Behavioral anomalies, including unusual web page requests or data access patterns, should also be investigated. Additionally, monitoring for system changes is crucial to detect any unauthorized modifications that may indicate exploitation.

AppSecure Threat Intelligence Insight

CVE-2025-4664 highlights the ongoing challenges in securing web browsers against sophisticated attacks. This vulnerability represents a broader trend of exploitation targeting web technologies, underscoring the importance of continuous security assessments and updates. Security teams should learn from this incident to enhance their defensive strategies and prioritize timely patch management.

For further insights into vulnerability management, organizations can explore vulnerability management programs and the importance of proactive security measures.

Additionally, organizations may wish to consider continuous penetration testing to constantly evaluate their security posture against emerging threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-4664: Medium Vulnerability in Google Chrome