Google Issues Chrome Attack Warning—Check Your Browser Now
New Chrome attack warning.
Google has just ensured Microsoft won’t take all the cyber attack headlines for itself this week, confirming Chrome users are also now at risk. Clearly, given the browser’s dominance across Windows, that’s a double whammy for PC users.
Google has issued a fix for CVE-2025-4664, warning it is aware “of reports that an exploit exists in the wild.” This follows an X post from @slonser_ that “a technique that’s probably not widely known in the community” enabled a query parameter takeover that could exploit sensitive data included in the string. “In OAuth flows, this might lead to an Account Takeover” if the query parameter is stolen.
We have seen warnings in recent weeks that attackers have been intercepting or tricking users into copying and pasting such security strings, hijacking a secure session that can then be replicated on another device. This tactic bypassses two-factor authentication (2FA), when browsers have been used to access secure platforms.
Google describes the issue as an “insufficient policy enforcement in Loader.” This is now in the public domain, making it critical that users update Chrome to 136.0.7103.113/.114 as soon as it’s available. As ever, check your browser for the flag that an update has been downloaded, and then restart your browser to install it.
Separately, Google is also copying a recent Microsoft update. Per @Leopeva64, again on X, “Microsoft Edge detects when it has been launched with administrative privileges and, to minimize security risks, relaunches itself with standard user permissions, well, Microsoft is (once again) trying to incorporate this functionality into Chrome.”
Absent this change, anything downloaded and run through Chrome adopts your administrator rights and can wreak havoc on your PC. Per Bleeping Computer, “If you accidentally download and run a malicious file, it could execute with full system access, potentially compromising your entire OS without any warning.” Restricting this helps to contain the problem, albeit attackers look for other ways to elevate those privileges. All of which underlines the need to check your browser for the latest update.