Chromium-based Browser Active Exploit Vulnerability - 20250516001

Overview

Google has released a security update to address an insufficient policy enforcement vulnerability in Google Chromium Loader. Successful exploitation would allow a remote attacker to leak cross-origin data via a crafted HTML page.

This vulnerability affects all Chromium-based browsers, which include, but are not limited to, Google Chrome, Microsoft Edge, Brave, and Vivaldi.

What is vulnerable?

| Products Affected | CVE | CVSS | Severity |
| --- | --- | --- | --- |
| Chromium-based Browsers: Google Chrome, Microsoft Edge, Brave, Vivaldi | CVE-2025-4664 | 4.6 | Medium |

What has been observed?

CISA has added the vulnerability to their Known Exploited Vulnerabilities catalogue. The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):
