Google released Chrome 136 to fix four vulnerabilities, including one actively exploited in the wild. The update addresses a critical flaw related to cross-origin data leaks and other security issues.
Affected: Chrome browsers on Windows, macOS, and Linux systems.
Keypoints
- Chrome 136 patches four security vulnerabilities, including one exploited in the wild.
- The major flaw (CVE-2025-4664) involves insufficient policy enforcement in the Loader that could leak cross-origin data.
- Security researcher Vsevolod Kokorin disclosed the issue, revealing an attack method involving modification of the Link header.
- The update is available for Windows, macOS, and Linux, and users are urged to update promptly.
- Threat actors are quick to target Chrome vulnerabilities after public disclosure of exploits.
Read More: https://www.securityweek.com/chrome-136-update-patches-vulnerability-with-exploit-in-the-wild/