- Google Chrome's unique handling of the Referrer-Policy header creates a large loophole for silent data exfiltration
- CVE-2025-4664 shows that even trusted browsers are not immune to disastrous zero-day vulnerabilities
- Cross-origin data is up for grabs if you have not updated Chrome or Chromium
A newly revealed zero-day vulnerability affecting both Windows and Linux systems could put billions of Google Chrome and Chromium users at serious risk of data theft, experts have warned.
Researchers from Wazuh say the flaw, tracked as CVE-2025-4664, has drawn urgent attention because it can leak sensitive cross-origin data such as OAuth tokens and session identifiers without any user interaction.
The flaw, identified in the Loader component of the Chrome and Chromium browsers, relates to how these browsers process Link HTTP headers for sub-resource requests such as images or scripts.
Chrome opens the door to data leaks
Unlike other mainstream browsers, Chrome honors the referrerpolicy directive even on sub-resources.
This behavior allows a malicious site to inject a lax policy, such as unsafe-url, which effectively leaks full URLs, including sensitive data carried in query parameters, to third-party domains.
This type of exploitation bypasses conventional browser defenses and undermines basic security assumptions in web infrastructure.
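To make the leak concrete, here is an added example (not code from the original article or from Wazuh) that models what a conforming client puts in the Referer header for a sub-resource fetch under each Referrer-Policy value, and then scans a response's Link header for cross-origin preload entries whose referrerpolicy would send the full page URL to another domain. The page URL, CDN host and Link header below are constructed for illustration; the `referrer_for` and `leaky_preloads` functions are this example's own names.

```python
"""Model the Referer value sent for a sub-resource fetch under each Referrer-Policy
value, and flag Link response headers that request a policy which leaks the full
page URL cross-origin. All sample URLs/headers are constructed for illustration."""
import re
from urllib.parse import urlsplit, urlunsplit


def _host_port(p):
    netloc = p.hostname or ""
    if p.port:
        netloc += f":{p.port}"
    return netloc


def _strip(url: str) -> str:
    """Referrer Policy 'strip url for use as a referrer': drop credentials and fragment."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, _host_port(p), p.path or "/", p.query, ""))


def _origin(url: str) -> str:
    """Serialized origin in the form used for Referer (trailing slash)."""
    p = urlsplit(url)
    return f"{p.scheme}://{_host_port(p)}/"


def _downgrade(src: str, dst: str) -> bool:
    """True when a TLS-protected page fetches a non-TLS resource."""
    return urlsplit(src).scheme == "https" and urlsplit(dst).scheme != "https"


def referrer_for(policy: str, source_url: str, target_url: str):
    """Return the Referer header value a conforming client sends, or None for no header."""
    policy = (policy or "").strip().lower()
    full, origin = _strip(source_url), _origin(source_url)
    same = _origin(source_url) == _origin(target_url)
    down = _downgrade(source_url, target_url)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":            # full URL, every time, everywhere
        return full
    if policy == "no-referrer-when-downgrade":
        return None if down else full
    if policy == "same-origin":
        return full if same else None
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if down else origin
    if policy == "origin-when-cross-origin":
        return full if same else origin
    # strict-origin-when-cross-origin: the browser default when no/unknown policy is given
    if down:
        return None
    return full if same else origin


# One Link entry: <target>; param=value; param=value ...  (entries separated by commas)
_LINK_RE = re.compile(r"<([^>]+)>((?:\s*;\s*[^;,]+)*)")


def parse_link_header(value: str):
    """Parse a Link header into a list of (target_url, {param: value}) tuples."""
    out = []
    for m in _LINK_RE.finditer(value):
        params = {}
        for raw in m.group(2).split(";"):
            raw = raw.strip()
            if not raw:
                continue
            k, _, v = raw.partition("=")
            params[k.strip().lower()] = v.strip().strip('"').lower()
        out.append((m.group(1), params))
    return out


def leaky_preloads(page_url: str, link_header: str):
    """Return (target, policy, referer) for every cross-origin Link entry whose
    referrerpolicy would send the full page URL (query string included) to that target."""
    findings = []
    for target, params in parse_link_header(link_header):
        policy = params.get("referrerpolicy", "")
        ref = referrer_for(policy, page_url, target)
        if _origin(target) != _origin(page_url) and ref == _strip(page_url):
            findings.append((target, policy, ref))
    return findings


# Constructed sample: a dashboard whose URL carries a session id and an OAuth code.
PAGE = "https://app.example/dashboard?session=abc123&code=secret-oauth-code#tab"
LINK = (
    '<https://cdn.third-party.example/pixel.png>; rel=preload; as=image; referrerpolicy=unsafe-url, '
    '<https://app.example/app.js>; rel=preload; as=script; referrerpolicy=unsafe-url, '
    '<https://cdn.third-party.example/font.woff2>; rel=preload; as=font'
)

if __name__ == "__main__":
    cdn = "https://cdn.third-party.example/pixel.png"
    print("default policy ->", referrer_for("", PAGE, cdn))
    print("unsafe-url     ->", referrer_for("unsafe-url", PAGE, cdn))
    for target, policy, ref in leaky_preloads(PAGE, LINK):
        print(f"LEAK: {target} (referrerpolicy={policy}) would receive Referer: {ref}")
```

Under the default policy the third-party CDN sees only `https://app.example/`; under `unsafe-url` it receives the whole query string, which is exactly the cross-origin leak described above. The scanner ignores the same-origin `app.js` entry (nothing leaves the site) and the font entry (no policy, so the default applies); in practice a defender would run it over captured response headers, or compare a site's intended Referrer-Policy against what its Link headers actually request.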
Wazuh says it can detect and mitigate this flaw via its Wazuh vulnerability detection module, which uses data from its Cyber Threat Intelligence (CTI) service to monitor installed software versions and raise alerts when vulnerable packages are found.
In a lab environment built with Wazuh OVA 4.12.0, security researchers demonstrated how endpoints running Windows 11 and Debian 11 could be scanned to identify whether they were running vulnerable versions of Chrome or Chromium.
As shown in Wazuh's dashboard, users are instructed to add the CVE-2025-4664 query to quickly isolate affected systems; the module updates the vulnerability status from “active” to “solved” once remediation is confirmed.
Google has issued an emergency fix to address the problem on Windows and Gentoo Linux systems. Users on these platforms are advised to update their browsers right away.
For Chromium users on Debian 11, all versions up to 120.0.6099.224 remain vulnerable and no updated package has yet been released. Users are encouraged to uninstall the browser until a patched version becomes available.
Despite these quick actions, a broader concern remains: how can users and businesses reliably protect themselves from browser-based zero-day exploitation?
Patching is important, but relying on browser updates alone can leave significant holes. For this reason, it is recommended to use endpoint protection platforms along with malware protection and antivirus solutions to stay safe.
These tools provide a layered defense that goes beyond the browser vulnerability itself, offering real-time detection and containment of exploitation attempts.