Chrome vulnerability with exploit in the wild

Google is updating Chrome and plugging security leaks in the process. There is already an exploit for one of them, the company explains.


Google developers have discovered security vulnerabilities in their Chrome web browser and released updated software. Attackers from the web can use the gaps to gain unauthorized access to information. An exploit for one of these vulnerabilities is already circulating on the web.

In the version announcement, Google's developers explain that the updated version closes four security gaps. Since only two of these were reported by external IT researchers, Google provides snippets of information on those two only.

One vulnerability stems from insufficient policy enforcement in Chrome's “Loader” component. According to the vulnerability entry, attackers from the network can exploit it with manipulated HTML pages to leak cross-origin information, i.e. one website can access information belonging to another (CVE-2025-4664 / EUVD-2025-14909, CVSS 4.3, risk “high” according to Google, “medium” according to CVSS). “Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild,” the manufacturer continues.

A second vulnerability affects the Mojo component, which is used for inter-process communication and can return incorrect handles under unspecified circumstances. Google does not describe the potential effects in more detail. Neither the CVE entry nor the EUVD entry, which usually provides half a sentence more information, is publicly available yet (CVE-2025-4609, no CVSS value, risk “high” according to Google). There is no information on the other two vulnerabilities so far, apart from the fact that they exist.


The bug-fixed browser versions are Google Chrome 136.0.7103.125 for Android, 136.0.7103.113 for Linux and 136.0.7103.113/114 for macOS and Windows.


If the browser is not yet up to date, the updated program versions can be installed by calling up the version dialog. To check, click on the browser menu behind the icon with the three stacked dots to the right of the address bar, then go to “Help” and “About Google Chrome”.

The version dialog shows the current software version and starts the update process if necessary.


Under Linux, updating is usually handled by the package management of the distribution in use. The security vulnerabilities affect the Chromium base and are therefore likely to make browsers derived from it, such as Microsoft's Edge, vulnerable as well. Microsoft usually provides an update for this on Friday. Users should then apply it quickly; there, too, this can be done via the version dialog.
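For administrators who want to verify the state of many machines rather than clicking through the version dialog, the following added example (not code from heise or Google) compares an installed Chrome or Chromium build against the fixed versions named in this article. The browser binary names it probes and the platform label passed by the caller are assumptions for illustration.

```python
"""Check whether an installed Chrome/Chromium build is at or above the
fixed versions Google shipped for CVE-2025-4664 and CVE-2025-4609."""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Minimum fixed builds per platform, taken from the article above. For
# macOS/Windows Google shipped 136.0.7103.113/114; .113 is the lower bound.
FIXED_VERSIONS = {
    "android": (136, 0, 7103, 125),
    "linux":   (136, 0, 7103, 113),
    "macos":   (136, 0, 7103, 113),
    "windows": (136, 0, 7103, 113),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the four-part build number from output such as
    'Google Chrome 136.0.7103.92' or 'Chromium 136.0.7103.113 snap'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome-style version in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version_text: str, platform: str) -> bool:
    """True if the build is at or above the fixed version for `platform`.
    Tuple comparison gives numeric ordering, so .92 < .113 as intended."""
    return parse_version(version_text) >= FIXED_VERSIONS[platform.lower()]


def installed_chrome_version() -> Optional[str]:
    """Run the locally installed browser with --version and return its raw
    output. Binary names are assumed; adjust them for your deployment."""
    for exe in ("google-chrome", "google-chrome-stable",
                "chromium", "chromium-browser"):
        path = shutil.which(exe)
        if path:
            return subprocess.run([path, "--version"], capture_output=True,
                                  text=True, check=False).stdout.strip()
    return None


if __name__ == "__main__":
    out = installed_chrome_version()
    if out is None:
        print("no Chrome/Chromium binary found on PATH")
    else:
        state = "patched" if is_patched(out, "linux") else "VULNERABLE, update now"
        print(f"{out}: {state}")
```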

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.