CISA tags recently patched Chrome bug as actively exploited
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser.
Solidlab security researcher Vsevolod Kokorin discovered the flaw (CVE-2025-4664) and shared technical details online on May 5th. Google released security updates to patch it on Wednesday.
As Kokorin explained, the vulnerability is due to insufficient policy enforcement in Google Chrome’s Loader component, and successful exploitation can allow remote attackers to leak cross-origin data via maliciously crafted HTML pages.
Read more at Bleeping Computer