Latest news with #CVE-2025-4664
Forbes
20-05-2025
- Forbes
Google Chrome — Relaunch Your Browser Now To Stop Hacks
Relaunch your Google Chrome browser now. Update, May 20, 2025: This story, originally published May 19, has been updated with further advice regarding Chrome browser security updates from Google, as well as what you can do if your Chrome update fails. Do you use the Google Chrome browser? Silly question, really, considering it's the world's most popular browsing platform with more than three billion users. Here's another question, then: when was the last time you relaunched Chrome? If the answer is I don't know, then you could be leaving yourself, your system and your data open to attack. Not only do you need to act now, but you should act regularly if you want to be protected against the ongoing Chrome hacker threat. Here's what you need to know. I hope you are sitting down as I'm about to take you on a whistle-stop recent news headlines tour to explain precisely why you need to take the Chrome browser attack threat seriously. Let's start on March 4, when Google confirmed no less than nine newly discovered browser security vulnerabilities, followed by another five just six days later. Fast forward to March 20, and a new critical Chrome vulnerability dropped, with more on April 16, April 22, April 29 and May 6. It was on May 14, however, that Google confirmed the most critical in this long list of Chrome security vulnerabilities, CVE-2025-4664. Why so critical? Because, according to the U.S. Cybersecurity and Infrastructure Security Agency, it was already being exploited by attackers in the wild. All security vulnerabilities are serious, but some are to be taken more seriously than others. If a Chrome zero-day emerges, where attackers are already out there exploiting that vulnerability, then action needs to be taken fast, as the hackers won't be wasting time waiting. With Chrome attackers looking to bypass 2FA protections, and compromise passwords, proactive defensive measures are a must. Which is where relaunching the Chrome browser comes into play. The one commonality between the aforementioned Chrome security vulnerabilities is that they were all disclosed by Google, along with the confirmation that an update to patch them was also being rolled out to users. While the security updating process is automatic for the Chrome browser, that doesn't mean you are protected as soon as the Google announcement drops. Indeed, those announcements themselves all state that patches will 'roll out over the coming days and weeks.' Which is nice, but less than comforting, especially in those cases where you know attackers already have the exploit code and attacks are underway. Relaunch your Google Chrome Browser to activate update protections. Luckily, you don't actually have to wait for the security update to find you, you can go and find it. Or, more accurately, you can kickstart the process and let your Chrome browser go get it for you. This is as simple as choosing the About Google Chrome option from the Chrome Help menu. Doing that will automatically start the process, check for any outstanding updates, download them and install them. What it won't do, however, is activate the security patch unless you relaunch your browser. Don't worry, this shouldn't impact all those open tabs you have, as Chrome saves these and reopens them upon restarting. Google itself has pointed out that while relaunching your browser happens in most cases, as a typical user will close and open the app regularly, 'if you haven't closed your browser in a while, you might see a pending update.' If there's no relaunch option to be found, Google said, 'you're on the latest version.' It should be noted, however, that during the relaunch process following a successful security update, while Chrome will save and reload the tabs you have opened, this isn't the case if you are browsing in Incognito mode. The reasons for this are pretty self-explanatory, given the privacy-focused nature of this mode. 'Your Incognito windows won't reopen when Chrome restarts,' Google said, so it advised users in this situation who don't want to lose those tabs to select the 'not now' option and let the update activate the next time that Chrome is restarted instead. But what if your Chrome browser security update fails to install? Google has some advice for users in this unlikely scenario as well. Trying to download the update again is the primary option, followed by uninstalling and reinstalling Chrome. Checking that antivirus or parental control applications aren't blocking the update from downloading is also recommended, as is the old IT Crowd chestnut of have you tried turning it off and on again. If it helps, here are the common update errors that people might see and what they mean: If you genuinely care about your Chrome security, and the sheer number of newly discovered vulnerabilities and ongoing attacks against the most popular web browsing platform suggest you must, then regularly checking for security updates and relaunching your browser is essential. You know what to do: make that check and relaunch your Google Chrome browser now.
The Irish Sun
18-05-2025
- The Irish Sun
Alert for ALL Google Chrome users to ‘relaunch' browsers now – or device could be hijacked by worrying ‘zero-day' flaw
GOOGLE Chrome users have been warned to urgently update their browsers to avoid a potential cyber attack. The tech giant has issued an alert to anyone who uses the browser on their PC. Advertisement 1 Google Chrome had a worrying glitch that could lead to hijacking Credit: Getty A concerning bug has been found on the popular app which could lead to hijacking of your device. The bug has been given a "zero-day" mark which indicates that the vulnerability is being actively used by hackers in the wild. Google has acted swiftly to address the issue and has now patched the browser to prevent it from any further attacks. Google said: "Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild. Advertisement read more on tech "The Stable channel has been updated to 136.0.7103.113/.114 for Windows, Mac and 136.0.7103.113 for Linux which will roll out over the coming days/weeks." However, the fix will only work after it has been downloaded and installed on your browser. Vsevolod Kokorin, a security researcher at Solidlab, was the first to discover this most recent Chrome issue and confirmed that it may result in an account takeover by cybercriminals. It is now crucial to make sure you are using the most recent version of Chrome if you use it as your primary web browser. Advertisement Most read in Tech Live Blog To accomplish this, just select "About Chrome" after clicking on the Chrome in the toolbar. Make sure you have rebooted your browser to the latest version as soon as possible. Mobile phone users never have to make calls AGAIN as Google launches bizarre new tool for appointments and more It comes just hours after Google users have been alerted to check their accounts or And it's especially worthwhile if you've ever used and want to remember key places visited in the past. Advertisement has been warning users for sometime that changes are coming soon. Google Maps has a The tool is especially handy for remembering special spots, such as where you met a partner or a fancy restaurant you once visited. The tech giant is moving things around so data is kept on-device instead of in the cloud. Advertisement Failure to act will result in users losing this past data. That deadline is now here, set for today.
Scottish Sun
18-05-2025
- Scottish Sun
Alert for ALL Google Chrome users to ‘relaunch' browsers now – or device could be hijacked by worrying ‘zero-day' flaw
Click to share on X/Twitter (Opens in new window) Click to share on Facebook (Opens in new window) GOOGLE Chrome users have been warned to urgently update their browsers to avoid a potential cyber attack. The tech giant has issued an alert to anyone who uses the browser on their PC. Sign up for Scottish Sun newsletter Sign up 1 Google Chrome had a worrying glitch that could lead to hijacking Credit: Getty A concerning bug has been found on the popular app which could lead to hijacking of your device. The bug has been given a "zero-day" mark which indicates that the vulnerability is being actively used by hackers in the wild. Google has acted so swiftly to address the issue and has now patched the browser to prevent it from any further attacks. Google said: "Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild. "The Stable channel has been updated to 136.0.7103.113/.114 for Windows, Mac and 136.0.7103.113 for Linux which will roll out over the coming days/weeks." However, the fix will only work after it has been downloaded and installed on your browser. Vsevolod Kokorin, a security researcher at Solidlab, was the first to discover this most recent Chrome issue and confirmed that it may result in an account takeover by cybercriminals. It is now crucial to make sure you are using the most recent version of Chrome if you use it as your primary web browser. To accomplish this, just select "About Chrome" after clicking on the Chrome in the toolbar. Make sure you have rebooted your browser to the latest version as soon as possible. Mobile phone users never have to make calls AGAIN as Google launches bizarre new tool for appointments and more It comes just hours after Google users have been alerted to check their accounts or risk losing their data forever. And it's especially worthwhile if you've ever used Google Maps and want to remember key places visited in the past. Google has been warning users for sometime that changes are coming soon. Google Maps has a Timeline feature - previously known as Location History - which keeps a record of any you've been to via the app. The tool is especially handy for remembering special spots, such as where you met a partner or a fancy restaurant you once visited. The tech giant is moving things around so data is kept on-device instead of in the cloud. Failure to act will result in users losing this past data. That deadline is now here, set for today.
Yahoo
17-05-2025
- Yahoo
Chrome patched this bug, but CISA says it's still actively exploited
When you buy through links on our articles, Future and its syndication partners may earn a commission. Google patched a new Chrome bug recently Now, CISA added that vulnerability to KEV, signaling abuse in the wild Federal agencies have three weeks to update Chrome The US Cybersecurity and Infrastructure Security Agency (CISA) added a new Chrome bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling abuse in the wild, and giving Federal Civilian Executive Branch (FCEB) agencies a deadline to patch things up. The flaw is tracked as CVE-2025-4664. It was recently discovered by security researchers Solidlab, and is described as an 'insufficient policy enforcement in Loader in Google Chrome'. On NVD, it was explained that the bug allowed remote threat actors to leak cross-origin data via a crafted HTML page. "Query parameters can contain sensitive data - for example, in OAuth flows, this might lead to an Account Takeover. Developers rarely consider the possibility of stealing query parameters via an image from a 3rd-party resource,' researcher Vsevolod Kokorin, who was attributed with discovering the bug, explained. 60% off for Techradar readers With Aura's parental control software, you can filter, block, and monitor websites and apps, set screen time limits. Parents will also receive breach alerts, Dark Web monitoring, VPN protection, and antivirus. Preferred partner (What does this mean?)View Deal The flaw was first uncovered on May 5, with Google coming back with a patch on May 14. The browser giant did not discuss if the flaw was being exploited in real-life attacks, but it did state that it had a public exploit (which basically means the same thing). Now, with CISA adding the bug to KEV, FCEB agencies have until June 5 to patch their Chrome instances or stop using the browser altogether. The first clean versions are 136.0.7103.113 for Windows/Linux and 136.0.7103.114 for macOS. In many cases, Chrome would deploy the update automatically, so just double-check which version you're running. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned. Indeed, the web browser is one of the most frequently targeted programs, since it handles untrusted data from countless sources around the web. Cybercriminals are always looking for vulnerabilities in browser code, plugins, or poorly secured websites, in an attempt to grab login credentials, or other ways to compromise the wider network. Via BleepingComputer Solar grids could be hijacked and even potentially disabled by these security flaws Take a look at our guide to the best authenticator app We've rounded up the best password managers
Daily Mirror
16-05-2025
- Daily Mirror
Everyone using Chrome must check their web browser now - don't ignore new alert
Chrome users are being urged to check their browser immediately. Google has just released an urgent Chrome update, and it's definitely not something users of this popular web browser should ignore. It's been confirmed that the latest download from the US technology giant fixes a bug that's been found within the application. Although that may not sound like a reason to go dashing to the settings and installing a new version of Chrome there's an important reason why users must act as soon as possible. It's been revealed that the issue has been given the dreaded zero-day stamp. That basically means hackers are already aware of the flaw and have been actively exploiting it in the wild. This is why Google has rushed to fix things so quickly. "Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild," Google said in a Wednesday security advisory. The gremlin was initially found by Solidlab security researcher Vsevolod Kokorin, who says the flaw could eventually lead to an account takeover by cyber thieves. "Query parameters can contain sensitive data - for example, in OAuth flows, this might lead to an Account Takeover. Developers rarely consider the possibility of stealing query parameters via an image from a 3rd-party resource," Kokorin explained. If you use Chrome, it's now vital to check you are running the very latest version. "The Stable channel has been updated to 136.0.7103.113/.114 for Windows, Mac and 136.0.7103.113 for Linux which will roll out over the coming days/weeks," Google confirmed. Most users are already seeing this update in their settings so check now and reboot your browser without delay.
