A zero-day vulnerability (CVE-2025-4664) affecting Google Chrome and Chromium browsers on Windows and Linux enables malicious sites to leak sensitive cross-origin data via the Link HTTP header. Users are urged to update their browsers promptly, and Wazuh’s Vulnerability Detection module can help identify affected endpoints. #CVE2025-4664 #GoogleChrome #Chromium
Key points
- CVE-2025-4664 is a zero-day vulnerability affecting Google Chrome on Windows and Chromium on Debian and Gentoo Linux.
- The flaw resides in how Chrome handles the Link HTTP header on sub-resource requests, leaking full referrer URLs including sensitive tokens.
- This vulnerability allows malicious websites to exfiltrate cross-origin data such as OAuth and session IDs to attacker-controlled servers.
- All Chrome versions before 136.0.7103.113 and Chromium versions up to 120.0.6099.224 on affected Linux distros are vulnerable.
- Google has released emergency patches for Windows and Gentoo Linux users; Debian Linux users should uninstall vulnerable Chromium versions until updates are available.
- Wazuh’s Vulnerability Detection module can detect vulnerable software versions and generate alerts to assist in mitigation efforts.
- Users can verify remediation via the Wazuh dashboard by querying CVE-2025-4664 and confirming the status changes from Active to Solved.
MITRE Techniques
- [T1537] Data from Information Repositories – Exploited the Link HTTP header to leak cross-origin data, allowing attackers to steal sensitive tokens and session credentials (“…causes Chrome to leak full referrer URLs…”).
- [T1071] Application Layer Protocol – Used HTTP header manipulation to exfiltrate data to third-party attacker-controlled servers.
Indicators of Compromise
- [CVE ID] vulnerability identifier – CVE-2025-4664 used to detect and track affected software.
- [Software Versions] vulnerable package versions – Google Chrome before 136.0.7103.113 on Windows and Gentoo Linux, Chromium up to 120.0.6099.224 on Debian 11 Linux.
- [HTTP Header] exploited protocol header – Link HTTP header manipulated to bypass referrer policy protections.
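The version thresholds listed above can be applied to an exported software inventory to shortlist endpoints for patching. The following is an added example, not code from the Wazuh blog or from Wazuh itself; the function names, the inventory row layout and the sample hosts are assumptions made for illustration. It compares versions numerically, because a plain string comparison would treat 136.0.7103.92 as newer than 136.0.7103.113.

```python
# Added example: triage a software inventory against the version thresholds
# stated on this page. Inventory rows below are constructed sample data.
CHROME_FIXED = "136.0.7103.113"        # Chrome: versions before this are vulnerable
CHROMIUM_LAST_VULN = "120.0.6099.224"  # Chromium on Debian: up to this is vulnerable

def parse_version(text):
    """Turn '136.0.7103.92' into (136, 0, 7103, 92) for numeric comparison."""
    # Drop a Debian-style epoch ('1:') and revision suffix ('-1~deb11u1').
    core = text.split(":")[-1].split("-")[0].split("+")[0].strip()
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(package, version):
    """True/False per the page's thresholds, None if the package is out of scope."""
    name = package.lower()
    if "chromium" in name:
        return parse_version(version) <= parse_version(CHROMIUM_LAST_VULN)
    if "chrome" in name:
        return parse_version(version) < parse_version(CHROME_FIXED)
    return None

def triage(inventory):
    """Return sorted (host, package, version) rows that need remediation."""
    flagged = []
    for host, package, version in inventory:
        try:
            if is_vulnerable(package, version):
                flagged.append((host, package, version))
        except ValueError:
            # Unknown version format: surface it instead of silently passing it.
            flagged.append((host, package, f"UNPARSED:{version}"))
    return sorted(flagged)

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("win-01", "Google Chrome", "136.0.7103.92"),   # string compare would call this patched
    ("win-02", "Google Chrome", "136.0.7103.113"),  # first fixed version
    ("deb-01", "chromium", "120.0.6099.224-1~deb11u1"),
    ("gen-01", "www-client/google-chrome", "135.0.7049.114"),
    ("win-03", "Mozilla Firefox", "138.0.1"),       # out of scope
]
```

Calling `triage(SAMPLE)` returns the rows for deb-01, gen-01 and win-01; win-02 is already on the fixed version and win-03 is out of scope.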
Read more: https://wazuh.com/blog/detecting-chrome-cve-2025-4664-vulnerability-with-wazuh/