Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

Posted on By CWS

Google on Wednesday introduced the discharge of a Chrome 136 replace that resolves 4 vulnerabilities, warning that an exploit exists within the wild for considered one of them.

The problem, tracked as CVE-2025-4664, is likely one of the two bugs reported by exterior researchers that have been resolved on this Chrome replace.

With out offering technical particulars, Google describes the flaw as an “inadequate coverage enforcement situation in Loader”.

In keeping with a NIST advisory, the safety defect could possibly be exploited by a distant attacker “to leak cross-origin knowledge through a crafted HTML web page”.

“Google is conscious of studies that an exploit for CVE-2025-4664 exists within the wild,” Google notes in its advisory.

This phrasing is usually utilized by Google when a Chrome vulnerability has been exploited in malicious assaults, but it surely’s unclear if on this case the corporate is conscious of precise zero-day exploitation or if it’s solely referring to an exploit being publicly accessible. 

The web large realized of the vulnerability after safety researcher Vsevolod Kokorin (Slonser) posted info on X (previously Twitter).

In a sequence of posts on Might 5, Slonser defined that an attacker might modify the Hyperlink header that Chrome resolves on sub-resource requests to seize question parameters containing delicate info.Commercial. Scroll to proceed studying.

“Builders hardly ever contemplate the opportunity of stealing question parameters through a picture from a Third-party useful resource – which makes this trick surprisingly helpful typically,” the researcher famous.

The second externally reported situation addressed in Chrome 136 is tracked as CVE-2025-4609 and is described as a high-severity “incorrect deal with supplied in unspecified circumstances in Mojo”.

The most recent Chrome iteration is now rolling out as variations 136.0.7103.113/.114 for Home windows and macOS, and as model 136.0.7103.113 for Linux.

Customers are suggested to replace their browsers as quickly as doable. It’s not unusual for risk actors to focus on Chrome vulnerabilities rapidly after exploits are publicly launched.

Associated: Chrome 136, Firefox 138 Patch Excessive-Severity Vulnerabilities

Associated: Chrome 135, Firefox 137 Updates Patch Extreme Vulnerabilities

Associated: Chrome 135, Firefox 137 Patch Excessive-Severity Vulnerabilities

Associated: Firefox Affected by Flaw Much like Chrome Zero-Day Exploited in Russia

Security Week News Tags:, , , , ,

Related Posts

42,000 Impacted by Ingram Micro Ransomware Attack 42,000 Impacted by Ingram Micro Ransomware Attack Security Week News
Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023 Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023 Security Week News
SSHStalker Botnet Exploits Legacy Linux Vulnerabilities SSHStalker Botnet Exploits Legacy Linux Vulnerabilities Security Week News
Android Malware Uses AI for Extended Device Control Android Malware Uses AI for Extended Device Control Security Week News
Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks Security Week News
Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign Security Week News