Chromium-based Browser Active Exploit Vulnerability - 20250516001
Overview
Google has released a security update to address an insufficient policy enforcement vulnerability in Google Chromium Loader. Successful exploitation would allow a remote attacker to leak cross-origin data via a crafted HTML page.
This vulnerability affects all Chromium-based browsers, including, but not limited to, Google Chrome, Microsoft Edge, Brave, and Vivaldi.
What is vulnerable?
Products Affected | CVE | CVSS | Severity |
---|---|---|---|
Chromium-based Browsers: Google Chrome, Microsoft Edge, Brave, Vivaldi | CVE-2025-4664 | 4.6 | Medium |
What has been observed?
CISA has added the vulnerability to their Known Exploited Vulnerabilities catalogue. The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer to Patch Management):
- Google: https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html
- Microsoft: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-4664
Additional References
- CISA Known Exploited Vulnerabilities: https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2025-018
- Centre of Internet Security: https://www.cisecurity.org/advisory/a-vulnerability-in-google-chrome-could-allow-for-arbitrary-code-execution_2025-052