The bad news: Google released an emergency update for Chrome, the most popular browser in the world, to patch a vulnerability, CVE-2025-4664. Chrome updates automatically, but if a user doesn’t close the browser, the patched version will not be applied and the update has to be done manually. The patch, available for Windows and Macs, has been ‘pushed’ to all Syscon-managed devices. If yours are not managed by us, close the browser to allow the patch to install, or give us a call so we can check with you.
So what was the risk, the exposure? It turns out there was insufficient policy enforcement in the part of the browser that handles resource requests. Typically, when a user visits a website related to sensitive information, the URL can include a secret code as proof that the user is legitimate. With this vulnerability, a bad actor can trick your browser into sending that secret code to a malicious website by embedding an image. The threat actor can then harvest the full URLs, allowing them to steal private info without the victim’s knowledge and giving them unauthorized access to a user’s email account.
According to our Advanced Security partner, they have not seen the exploitation of this vulnerability in the environments they manage; a silver lining, I guess! – CMW
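The exposure described above depends on a secret code sitting in the URL itself. As an added example (not part of the original post), this Python sketch audits a list of URLs, such as ones pulled from your own application or proxy logs, and flags query parameters that look like secrets so they can be redacted or moved out of the URL. The parameter-name list, the entropy threshold and the sample URLs are assumptions constructed for illustration.

```python
import math
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names that commonly carry credentials (assumed list; extend for your apps).
SECRET_NAMES = re.compile(r"(token|code|key|secret|session|sig|auth)", re.I)

def shannon_entropy(value):
    """Bits of entropy per character; random tokens score high, plain words low."""
    if not value:
        return 0.0
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def secret_params(url):
    """Return the names of query parameters that look like secrets."""
    found = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # Assumed heuristic: long, high-entropy values are treated as tokens.
        looks_random = len(value) >= 16 and shannon_entropy(value) >= 3.5
        if SECRET_NAMES.search(name) or looks_random:
            found.append(name)
    return found

def redact(url):
    """Copy of the URL that is safe to log or share: secret values replaced."""
    parts = urlsplit(url)
    flagged = set(secret_params(url))
    query = [(n, "REDACTED" if n in flagged else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def audit(urls):
    """Map each URL that would expose a secret if leaked to its redacted form."""
    return {u: redact(u) for u in urls if secret_params(u)}

# Constructed sample URLs (not real sites or tokens).
SAMPLES = [
    "https://mail.example.test/reset?token=9f3b7c1e5a2d4086b1c7e9a4",
    "https://shop.example.test/search?q=blue+widgets&page=2",
    "https://files.example.test/share?id=Zx81kQp0Lm3vT7yR2cN9wB5h",
]

if __name__ == "__main__":
    for original, safe in audit(SAMPLES).items():
        print(safe)
```

The name match is deliberately broad, so expect some false positives (a parameter called `postcode`, for instance) and review flagged URLs before acting on them.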