{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"CISA Flags Chrome Vulnerability CVE-2025-4664: Patch Before June 5th","html":"","width":"100%","height":180,"duration":704,"description":"In this episode, we break down the recently discovered and actively exploited Chrome vulnerability CVE-2025-4664—a high-severity flaw stemming from insufficient policy enforcement in Chrome’s Loader component. This vulnerability allows attackers to leak cross-origin data, including sensitive query parameters and session information, via crafted HTML pages. Even more alarming: it's not limited to Chrome. Other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi are also at risk.We’ll explore the technical mechanism behind the flaw, how it abuses Link headers and referrer-policy directives, and why it's capable of bypassing same-origin protections, putting OAuth-based login flows and session security at risk. With confirmed active exploitation, CVE-2025-4664 has been added to CISA’s Known Exploited Vulnerabilities Catalog, triggering federal mandates to patch or discontinue use of vulnerable versions before June 5, 2025.Our discussion covers:How the vulnerability works and why it’s dangerousWhich browsers and versions are affectedThe urgency of applying the latest Chrome and Edge updatesSecurity best practices and monitoring recommendations for SOC teamsLessons this incident teaches about browser security architectureDon’t miss this essential security update—whether you're managing enterprise systems or browsing on your personal laptop, this vulnerability demands immediate attention.🎧 Tune in to learn how to stay protected.","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}