Google Chrome Flaw CVE-2025-4664 May Enable Account Takeover | Black Hat Ethical Hacking



Chrome Vulnerability CVE-2025-4664 Could Lead to Account Takeover—Google Urges Immediate Update

Google has released an emergency security update for Chrome to patch a high-severity vulnerability (CVE-2025-4664) that could allow remote attackers to leak cross-origin data and, in some cases, achieve full account takeover.

In a security advisory published Wednesday, Google acknowledged that an exploit for the vulnerability exists in the wild, indicating possible active exploitation.

“Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild,” the company confirmed.


Technical Details: Cross-Origin Data Exposure via Referrer Policy Misuse

The flaw, discovered by Solidlab security researcher Vsevolod Kokorin, stems from insufficient policy enforcement in Chrome’s Loader component. Specifically, the vulnerability arises from how Chrome handles Link headers on subresource requests.

Unlike other browsers, Chrome processed the Link header on subresources, allowing a malicious site to set an unsafe referrer policy and so receive, via the Referer header, the query parameters of cross-origin URLs.

“Query parameters can contain sensitive data — for example, OAuth tokens,” Kokorin explained.
“Developers rarely consider the possibility of stealing query parameters via an image from a 3rd-party resource.”

A proof-of-concept screenshot shows how OAuth access tokens can be exposed through this method, potentially leading to account hijacking if the stolen tokens are replayed.

Leaked OAuth access token (Vsevolod Kokorin)



