Google has released an urgent security update for Chrome to patch a critical vulnerability that hackers are actively exploiting in the wild.
The tech giant announced yesterday that Chrome's Stable channel has been updated to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux, to address four security issues, including a high-severity zero-day flaw.
Security researchers have identified CVE-2025-4664 as the most serious vulnerability in this release. This vulnerability stems from "insufficient policy enforcement in Loader" within Chrome's browser architecture.
This flaw allows attackers to bypass security policies, potentially enabling unauthorized code execution and cross-origin data leaks through specially crafted HTML pages.
"The flaw allows an attacker to bypass security policies within Chrome's Loader logic, potentially leading to unauthorized code execution or sandbox escape," explained security experts tracking the issue.
Google Chrome 0-Day Vulnerability
Google confirmed they are "aware of reports that an exploit for CVE-2025-4664 exists in the wild," raising the urgency for users to update immediately.
The vulnerability was initially disclosed via an X post by security researcher @slonser_ on May 5, 2025, indicating that malicious actors may have been exploiting the flaw for days or perhaps weeks before the patch was released.
Google has not disclosed specific details about ongoing exploitation attempts, likely to prevent further abuse while users update their browsers.
In addition to the zero-day vulnerability, the Chrome update addresses another high-severity flaw, CVE-2025-4609, which involves an "incorrect handle provided in unspecified circumstances in Mojo".
Security researchers explain that bugs in Chrome's Mojo IPC (Inter-Process Communication) layer can lead to serious issues such as privilege escalation and memory corruption in complex, multi-process applications like Chrome.
Chrome's security team credited external researchers, including @slonser_ and a researcher named Micky, who reported the Mojo vulnerability on April 22, for identifying these security issues.
Google's ongoing internal security efforts, including tools like AddressSanitizer, which have found over 300 bugs in Chromium, continue to strengthen Chrome's security posture.
Users can verify their Chrome version and trigger an update by navigating to "chrome://settings/help" in their browser. The update will roll out automatically over the coming days and weeks, but security experts recommend manually checking for updates given the critical nature of this vulnerability.
The latest versions users should ensure they have installed are Chrome 136.0.7103.113/.114 for Windows/Mac and Chrome 136.0.7103.113 for Linux. Android users will receive Chrome 136.0.7103.125 through Google Play, which includes the same security fixes as the desktop versions.
This incident highlights the ongoing security challenges faced by web browsers that process untrusted content from the internet.
Chrome maintains its position as the world's most popular browser with roughly 65% market share across all platforms, making it an attractive target for malicious actors.
Google continues to incentivize security researchers to find and report vulnerabilities through its bug bounty program, with rewards of up to $250,000 for finding critical security flaws.
The company's proactive approach to security, including rapid patch deployment and transparent disclosure of vulnerabilities, remains crucial in protecting billions of users worldwide.
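For administrators checking a fleet rather than a single browser, here is an added example (not from the article or from Google) that compares inventoried Chrome versions against the per-platform fixed builds named above; the inventory rows are constructed sample data, and platforms the bulletin does not name are skipped.

```python
from typing import Iterable, List, Tuple

# Minimum builds carrying the fix, per platform, as listed in the release note.
PATCHED_MINIMUM = {
    "windows": "136.0.7103.113",
    "mac": "136.0.7103.113",
    "linux": "136.0.7103.113",
    "android": "136.0.7103.125",
}

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '136.0.7103.113' into (136, 0, 7103, 113); reject malformed strings."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)

def is_patched(platform: str, version: str) -> bool:
    """True when the reported build is at or above the platform's fixed build.
    Tuple comparison copes with short strings: (136, 0) < (136, 0, 7103, 113)."""
    return parse_version(version) >= parse_version(PATCHED_MINIMUM[platform.lower()])

# Inventory rows are (hostname, platform, reported Chrome version).
def find_unpatched(inventory: Iterable[Tuple[str, str, str]]) -> List[str]:
    """Hosts below the fixed build. Platforms the bulletin does not name are
    skipped; unparsable versions are flagged for review rather than trusted."""
    flagged = []
    for name, platform, version in inventory:
        if platform.lower() not in PATCHED_MINIMUM:
            continue
        try:
            if not is_patched(platform, version):
                flagged.append(name)
        except ValueError:
            flagged.append(name)
    return flagged

# Constructed sample inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "136.0.7103.114"),
    ("ws-02", "windows", "136.0.7103.92"),
    ("mac-01", "mac", "135.0.7049.115"),
    ("lx-01", "linux", "136.0.7103.113"),
    ("droid-01", "android", "136.0.7103.113"),  # desktop fix level, below Android minimum
    ("ws-03", "windows", "n/a"),  # agent failed to read the version
    ("kiosk-01", "chromeos", "136.0.7103.60"),  # platform not named in the bulletin
]

if __name__ == "__main__":
    print("needs update or review:", find_unpatched(SAMPLE_INVENTORY))
```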