CVE-2025-4664

ENISA EUVD: EUVD-2025-14909 ↗

✓ Confirmed 0-Day

Triaged: March 5, 2026 10 articles Published: 2025-05-14

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.12%

probability

This CVE has a 0.12% probability of being exploited in the next 30 days.

0% Top 30.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

4.3

MEDIUM

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Description

VulnerabilityLookup (CNA)

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Affected Products

Google

Chrome

136.0.7103.113

google

chrome

Google

Chrome

136.0.7103.113 <136.0.7103.113

Exploits & PoC

Leviticus-Triage/ChromSploit-Framework

Advanced AI-Powered Exploitation Framework | CVE-2025-4664 & CVE-2025-2783 & CVE-2025-2857 & CVE-2025-30397 |

16 2026-01-18

amalmurali47/cve-2025-4664

PoC and Setup for CVE-2025-4664

4 2025-06-30

speinador/CVE-2025-4664

0 2025-06-12

3 repos — triés par ⭐ Rechercher sur GitHub ↗

https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html

https://issues.chromium.org/issues/415810136

Signal Intelligence

Confidenceⓘ

85%

EPSS 0.12%

CVSS v3.1 4.3

Mentions 10

Last Seen Dec 11, 2025

CNA Information

CNA Assigner

Chrome

Analyst Note

CVE-2025-4664 is explicitly named in articles as a zero-day exploited in attacks, with titles stating 'Google patches sixth Chrome zero-day exploited in attacks this year' and 'Google fixes new Chrome zero-day flaw exploited in attacks.' CISA tagged it as actively exploited post-patch. Exploitation in the wild is clearly documented with timing consistent with active attacks preceding or coinciding with the May 2025 patch.

Threat Actors 7

Cobalt

apt_group Financial crime 🇷🇺 RU

Earth Lusca

apt_group Information theft and espionage 🇨🇳 CN

Hacking Team

apt_group 🇮🇹 IT

Tick

apt_group Information theft and espionage 🇨🇳 CN

HAZY TIGER

apt_group Information theft and espionage 🇮🇳 IN

Luna Moth

apt_group

Operation Cobalt Whisper

apt_group Financial crime 🇨🇳 CN

Triage Info

Decided atMar 05, 2026

Published DateMay 14, 2025