Google Chrome Zero-Day Vulnerability (CVE-2025-4664) Actively Exploited in The Wild

Google has rolled out a fresh Stable Channel update for the Chrome browser across desktop platforms, including Windows, Mac, and Linux.

This update elevates Chrome to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux.

The deployment will occur gradually over the next few days and weeks, ensuring users worldwide receive the latest enhancements.

Addressing 4 Vulnerabilities

1. CVE-2025-4664: Insufficient Policy Enforcement in Loader (Zero-Day)

This high-severity vulnerability involves insufficient policy enforcement in Chrome’s Loader component, allowing remote attackers to leak cross-origin data via crafted HTML pages.

Google has confirmed that exploits for this zero-day flaw are actively being used in the wild, heightening the urgency for users to update.

“Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild.”

The issue was first disclosed by security researcher @slonser_ on May 5, 2025, suggesting potential exploitation prior ...