CVE-2025-4664 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Chrome	CNA	---				---
CISA-ADP	ADP	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
google	chrome	𝑥 < 136.0.7103.113

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

chromium

bullseye (security)	vulnerable
bullseye	vulnerable
bookworm	vulnerable
bookworm (security)	136.0.7103.113-1~deb12u1 fixed
sid	136.0.7103.113-1 fixed
trixie	136.0.7103.113-1 fixed

Vulnerability Media Exposure

[GERMAN] Chrome-Sicherheitslücke mit Exploit in freier Wildbahn
Google aktualisiert Chrome und stopft dabei Sicherheitslecks. Für eines gibt es bereits einen Exploit, erklärt das Unternehmen.
Published: 2025-05-15T07:14:00+00:00
[ENGLISH] New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google
Published: 2025-05-15T16:13:00+05:30
[GERMAN] Google Chrome / Microsoft Edge: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Google Chrome / Microsoft Edge ausnutzen, um Informationen offenzulegen oder einen nicht näher spezifizierten Angriff durchzuführen.
Published: 2025-05-14T22:00:00+00:00
[GERMAN] Warnung vor Angriffen auf neue SAP-Netweaver-Lücke, Chrome und Draytek-Router
Die US-amerikanische IT-Sicherheitsbehörde CISA warnt vor Angriffen auf eine neue SAP-Netweaver-Lücke sowie auf Chrome und Draytek-Router.
Published: 2025-05-16T06:27:00+00:00
[ENGLISH] ⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More
Cybersecurity leaders aren’t just dealing with attacks—they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow.  Just fixing problems isn’t enough anymore—resilience needs to be built into everything from the ground up.
Published: 2025-05-19T15:30:00+05:30

References

https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html

https://issues.chromium.org/issues/415810136