Google Chrome information leakage bug confirmed as actively exploited – Model Slux

A Google Chrome vulnerability permitting the leak of OAuth codes was added to the Known Exploited Vulnerabilities (KEV) catalog by the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday.

The flaw, tracked as CVE-2025-4664, is due to insufficient policy enforcement in the Google Chrome Loader, Google stated Wednesday.

The vulnerability was discovered by security researcher Vsevolod Kokorin, who explained on X how an attacker could use the flaw to capture the full query parameters of a referring URL.

Kokorin noted that when Chrome sends a subresource request, such as a request to load an image, it resolves the Link header, which can potentially include an attacker-controlled referrer-policy.

Therefore, an attacker could set the referrer-policy to unsafe-url, meaning the full query parameters of the referring URL would be leaked to the attacker in the browser's request.

An attacker could plant these Link headers on a malicious HTML page or on a malicious third-party resource on a legitimate page, such as an image embedded from a malicious third-party site.

Query parameters in URLs can contain sensitive information ranging from email addresses to OAuth codes, the latter of which can lead to account takeover, Kokorin noted.

The vulnerability, which was given a medium CVSS score of 4.3 and designated as high severity by Google, was fixed in Chrome version 136.0.7103.113. Its inclusion in the KEV catalog indicates that attackers have attempted to exploit the flaw in the wild and requires Federal Civilian Executive Branch (FCEB) agencies to ensure the flaw is resolved by June 5, 2025.

CISA also added a command-injection flaw in DrayTek Vigor2960 and Vigor300B routers, tracked as CVE-2024-12987, and a critical SAP NetWeaver deserialization vulnerability, tracked as CVE-2025-42999, to the KEV catalog on Thursday.

In March, a Google Chrome zero-day vulnerability tracked as CVE-2025-2783 was added to the KEV catalog. This flaw could have allowed a remote attacker to escape the browser's sandbox environment.
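
A defender-side check for the Link header referrer-policy override described above, as an added example that is not from the original article, Kokorin or Google: it parses the Link header of a captured subresource response and reports what an unsafe-url override would expose compared with the browser default. The `referrerpolicy` parameter name, the hostnames, the function names and the sample response are assumptions constructed for illustration.

```javascript
// Added example. PAGE and RESP are constructed sample data, and the
// "referrerpolicy" Link parameter name is an assumption (see lead-in).
const PAGE = "https://app.example/callback?code=CONSTRUCTED_CODE&state=abc";
const RESP = {
  url: "https://img.third-party.example/logo.png",
  headers: { link: '<https://img.third-party.example/next.png>; ' +
    'rel="preload"; as="image"; referrerpolicy="unsafe-url"' },
};

// Split a Link header into { target, params } entries (RFC 8288 syntax).
function parseLinkHeader(value) {
  const links = [];
  const linkRe = /<([^>]*)>((?:\s*;\s*[^;,="\s]+(?:\s*=\s*(?:"[^"]*"|[^;,\s]*))?)*)/g;
  const paramRe = /;\s*([^;,="\s]+)(?:\s*=\s*(?:"([^"]*)"|([^;,\s]*)))?/g;
  for (const m of value.matchAll(linkRe)) {
    const params = {};
    for (const p of m[2].matchAll(paramRe)) {
      params[p[1].toLowerCase()] = (p[2] ?? p[3] ?? "").toLowerCase();
    }
    links.push({ target: m[1], params });
  }
  return links;
}

// Referer value a browser sends for pageUrl -> targetUrl under a policy.
// Only the three policies needed for the comparison are modelled.
function refererSent(pageUrl, policy, targetUrl) {
  const page = new URL(pageUrl), target = new URL(targetUrl);
  page.hash = ""; page.username = ""; page.password = "";
  const downgrade = page.protocol === "https:" && target.protocol !== "https:";
  if (policy === "unsafe-url") return page.href;
  if (policy === "no-referrer") return "";
  if (policy !== "strict-origin-when-cross-origin") throw new Error("not modelled: " + policy);
  if (downgrade) return "";
  return page.origin === target.origin ? page.href : page.origin + "/";
}

// Flag Link entries on a subresource response that force unsafe-url, and show
// what the page URL exposes compared with the browser default policy.
function auditResponse(pageUrl, resp) {
  return parseLinkHeader(resp.headers.link || "")
    .filter((l) => l.params.referrerpolicy === "unsafe-url")
    .map((l) => {
      const target = new URL(l.target, resp.url).href;
      return { servedBy: resp.url, target,
        leaked: refererSent(pageUrl, "unsafe-url", target),
        byDefault: refererSent(pageUrl, "strict-origin-when-cross-origin", target) };
    });
}

console.log(auditResponse(PAGE, RESP));
```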
