Google has issued a critical security alert for its Chrome browser, warning that it is vulnerable to attack and urging users to update immediately to prevent hackers from stealing login credentials and bypassing multi-factor authentication.
A fix has been released for the vulnerability, known as CVE-2025-4664, which allows an attacker to steal sensitive data included in a query parameter. This could lead to an account takeover if the stolen information is used to replicate a secure session on another device.
The U.S. government has mandated that all federal staff update their Chrome browsers by June 5, and users are advised to follow suit as soon as possible. The Cybersecurity and Infrastructure Security Agency (CISA) has instructed all federal agency staff to “apply mitigations per vendor instructions… or discontinue use of the product if mitigations are unavailable.”
This means that users have just 21 days to update their browser before it is no longer safe to use. CISA’s formal mandate only applies to federal employees, but its guidance extends to all organizations to help them better manage vulnerabilities and keep pace with threat activity.
Experts warn that this vulnerability is particularly critical due to its classification as a zero-day flaw, which means that it was exploited by hackers before the patch was released. This heightens the urgency of mitigation and underscores the importance of updating Chrome immediately.
Google’s fix came with a warning about reports of an exploit existing in the wild, and experts believe that this vulnerability is already being used by attackers to steal sensitive information. Users should check their browser for the notification that an update has been downloaded and relaunch it to ensure that it installs.
The recommended update for Chrome is version 136.0.7103.113/.114. It is imperative that users patch now, as this vulnerability poses significant risks, including unauthorized data leakage across web origins.
Experts recommend checking Chrome’s status immediately and updating the browser as soon as possible to prevent any potential attacks. Dozens of open tabs should not hold you back from taking this essential step in maintaining online security.
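For administrators checking more than one machine, the following added example (not from Google, CISA or the original article) takes Chrome version strings, such as the output of `google-chrome --version` on Linux, and flags any build older than 136.0.7103.113. The inventory lines are constructed, and treating .113 as the minimum fixed build on every platform is an assumption based on the version quoted above.

```python
import re

# Minimum fixed build quoted in the article (136.0.7103.113/.114).
# Assumption: .113 is treated as the floor on every platform.
FIXED = (136, 0, 7103, 113)

# Exactly four dot-separated numeric fields, not part of a longer dotted run.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part Chrome version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Classify one version string as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparsable input needs follow-up, never assume safe
    # Tuples compare numerically field by field, so 136.0.7103.92 sorts below
    # 136.0.7103.113 (a plain string comparison would get this wrong).
    return "patched" if version >= FIXED else "vulnerable"


def triage(inventory):
    """Map host -> status for 'host,version string' lines."""
    results = {}
    for line in inventory.strip().splitlines():
        host, _, reported = line.partition(",")
        results[host.strip()] = classify(reported)
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """
ws-001,Google Chrome 136.0.7103.113
ws-002,Google Chrome 136.0.7103.92
ws-003,Google Chrome 135.0.7049.115
ws-004,Google Chrome 137.0.7151.40 beta
ws-005,not installed
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked by hand rather than counted as updated.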
Source: Forbes