Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

Posted on By CWS

Google on Wednesday introduced the discharge of a Chrome 136 replace that resolves 4 vulnerabilities, warning that an exploit exists within the wild for considered one of them.

The problem, tracked as CVE-2025-4664, is likely one of the two bugs reported by exterior researchers that have been resolved on this Chrome replace.

With out offering technical particulars, Google describes the flaw as an “inadequate coverage enforcement situation in Loader”.

In keeping with a NIST advisory, the safety defect could possibly be exploited by a distant attacker “to leak cross-origin knowledge through a crafted HTML web page”.

“Google is conscious of studies that an exploit for CVE-2025-4664 exists within the wild,” Google notes in its advisory.

This phrasing is usually utilized by Google when a Chrome vulnerability has been exploited in malicious assaults, but it surely’s unclear if on this case the corporate is conscious of precise zero-day exploitation or if it’s solely referring to an exploit being publicly accessible. 

The web large realized of the vulnerability after safety researcher Vsevolod Kokorin (Slonser) posted info on X (previously Twitter).

In a sequence of posts on Might 5, Slonser defined that an attacker might modify the Hyperlink header that Chrome resolves on sub-resource requests to seize question parameters containing delicate info.Commercial. Scroll to proceed studying.

“Builders hardly ever contemplate the opportunity of stealing question parameters through a picture from a Third-party useful resource – which makes this trick surprisingly helpful typically,” the researcher famous.

The second externally reported situation addressed in Chrome 136 is tracked as CVE-2025-4609 and is described as a high-severity “incorrect deal with supplied in unspecified circumstances in Mojo”.

The most recent Chrome iteration is now rolling out as variations 136.0.7103.113/.114 for Home windows and macOS, and as model 136.0.7103.113 for Linux.

Customers are suggested to replace their browsers as quickly as doable. It’s not unusual for risk actors to focus on Chrome vulnerabilities rapidly after exploits are publicly launched.

Associated: Chrome 136, Firefox 138 Patch Excessive-Severity Vulnerabilities

Associated: Chrome 135, Firefox 137 Updates Patch Extreme Vulnerabilities

Associated: Chrome 135, Firefox 137 Patch Excessive-Severity Vulnerabilities

Associated: Firefox Affected by Flaw Much like Chrome Zero-Day Exploited in Russia

Security Week News Tags:, , , , ,

Related Posts

Alleged Chinese State Hacker Wanted by US Arrested in Italy Alleged Chinese State Hacker Wanted by US Arrested in Italy Security Week News
UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features Security Week News
In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware Security Week News
Chinese Cyberattack Hits Singapore’s Telecom Sector Chinese Cyberattack Hits Singapore’s Telecom Sector Security Week News
Nearly 250,000 Impacted by Data Breach at Medical Associates of Brevard  Nearly 250,000 Impacted by Data Breach at Medical Associates of Brevard  Security Week News
Asus Armoury Crate Vulnerability Leads to Full System Compromise Asus Armoury Crate Vulnerability Leads to Full System Compromise Security Week News