- Google Chrome’s unique handling of referrer-policy creates a major loophole for silent data siphoning
- CVE-2025-4664 proves even trusted browsers are not immune to catastrophic zero-day vulnerabilities
- Cross-origin data is up for grabs if you haven’t updated Chrome or Chromium
A newly uncovered zero-day vulnerability which affects both Windows and Linux systems could put billions of Google Chrome and Chromium users at serious risk of data theft, experts have warned.
Researchers from Wazuh claim this flaw – tracked as CVE-2025-4664 – has already drawn urgent attention due to its ability to leak sensitive cross-origin data such as OAuth tokens and session identifiers without user interaction.
The flaw, identified in the Loader component of Chrome and Chromium browsers, relates to how these browsers process the Link HTTP header for sub-resource requests like images or scripts.
Chrome opening the door to data leaks
Unlike other mainstream browsers, Chrome honors the referrer-policy directive even on sub-resources.
This behavior allows a malicious site to inject a lax policy, such as unsafe-url, effectively leaking full URLs, including sensitive data, to third-party domains.
This kind of exploit bypasses conventional browser defenses and directly undermines common security assumptions in web infrastructure.
Wazuh claims it can detect and mitigate this flaw via its Wazuh Vulnerability Detection module, which uses data from its Cyber Threat Intelligence (CTI) service to monitor software versions and raise alerts when vulnerable packages are found.
In a lab environment set up using Wazuh OVA 4.12.0, security researchers demonstrated how endpoints running Windows 11 and Debian 11 could be scanned to identify whether they were running vulnerable versions of Chrome or Chromium.
As noted in Wazuh’s dashboard, users are instructed to add the query CVE-2025-4664 to quickly isolate impacted systems, with the module updating the vulnerability status from “Active” to “Solved” once mitigation steps are verified.
Google has issued an emergency patch to address the issue on Windows and Gentoo Linux systems. Users on these platforms are advised to update their browsers immediately.
For Chromium users on Debian 11, all versions up to 120.0.6099.224 remain vulnerable, and no updated package has yet been released. Users are encouraged to uninstall the browser until a patched version becomes available.
Despite these swift actions, the broader concern remains: how can users and enterprises reliably protect themselves against browser-based zero-day exploits?
Applying patches is essential, but relying solely on browser updates can leave significant gaps. For this reason, it is recommended to use endpoint protection platforms, along with malware protection and antivirus solutions, to stay safe.
These tools provide layered defenses that go beyond browser vulnerabilities, offering real-time detection and containment of exploit attempts.
Leave a comment