Chrome faces critical attack as CISA warns users to update immediately
- On May 14, 2025, Google announced a critical vulnerability in the Chrome browser, allowing attackers to leak sensitive data.
- CISA added this threat to its catalog of known exploited vulnerabilities, requiring federal staff to update by June 5.
- Users must prioritize updating their browsers to avoid exploitation; failure to act could lead to significant security breaches.
On May 14, 2025, Google confirmed a significant vulnerability in the Chrome loader: insufficient policy enforcement that could allow remote attackers to leak sensitive cross-origin data. Google has confirmed that an exploit for the vulnerability, identified as CVE-2025-4664, exists in the wild, amplifying concerns about the security of user accounts and login credentials.

The situation prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the vulnerability to its Known Exploited Vulnerabilities catalog on May 15, mandating that all federal staff apply the necessary fixes by June 5, 2025, or cease using the browser until fixes can be applied. While this mandate primarily affects federal employees, CISA has urged all organizations to strengthen their defenses against potential cyber threats.

CISA and Google strongly encourage all users to update their Chrome browsers to version 136.0.7103.113/.114, since attackers could exploit the vulnerability before users have had the chance to secure their systems. The urgency of the update is underscored by the threat landscape: various attack methods, including complex techniques to steal session data from Chrome users, have made the vulnerability increasingly critical. With an install base in the billions and attack strategies that keep advancing, the risk is significant, which highlights a pressing need for timely remediation and continuous vigilance against evolving threats.
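One way to check a fleet against the fixed build named above, as an added example that is not part of the original article. The inventory format (hostname, tab, version-command output), the hostnames and the function names are assumptions, and the sample data is constructed. Versions are compared numerically because a string comparison would rank build .92 above .113.

```python
import re

# Fixed build named in the article (136.0.7103.113/.114); the lower one is the floor.
FIXED = (136, 0, 7103, 113)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed inventory (assumed format): "hostname<TAB>version command output".
SAMPLE_INVENTORY = """\
ws-001\tGoogle Chrome 136.0.7103.114
ws-002\tGoogle Chrome 136.0.7103.92
ws-003\tGoogle Chrome 135.0.7049.115
ws-004\tGoogle Chrome 137.0.7151.40
ws-005\tcommand not found
ws-006\tGoogle Chrome 136.0.7103.113
"""

def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Classify one version string as patched, vulnerable or unknown."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # no version reported: needs manual follow-up
    # Tuple comparison is numeric per component, so .92 < .113 as intended.
    return "patched" if v >= FIXED else "vulnerable"

def triage(inventory):
    """Group hostnames by patch status."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition("\t")
        result[classify(version_text)].append(host.strip())
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Chrome applies a downloaded update only after the browser is relaunched, so a host whose installed binary reports the fixed version may still be running the old build until then.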