CVE-2025-4664

MEDIUM EXPLOITED

Google Chrome <136.0.7103.113 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2025-4664 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including Leviticus-Triage, amalmurali47, manus-use.

AI-analyzed exploit summary: This repository contains a Python-based exploit for CVE-2025-4664, targeting Firefox ESR 115.11 via arbitrary JavaScript execution in PDF.js. The exploit generates a malicious PDF file that triggers the vulnerability when opened.

Description

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Exploits (5)

nomisec WORKING POC 13 stars
by Leviticus-Triage · poc
https://github.com/Leviticus-Triage/ChromSploit-Framework

This repository contains a Python-based exploit for CVE-2025-4664, targeting Firefox ESR 115.11 via arbitrary JavaScript execution in PDF.js. The exploit generates a malicious PDF file that triggers the vulnerability when opened.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Firefox ESR 115.11
No auth needed
Prerequisites: Vulnerable version of Firefox ESR · User interaction to open the malicious PDF
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 3 stars
by amalmurali47 · client-side
https://github.com/amalmurali47/cve-2025-4664

This PoC demonstrates CVE-2025-4664, a vulnerability in Chromium-based browsers where sensitive URL parameters are leaked through Link header preload requests. The exploit involves a malicious server that logs leaked tokens via a crafted Link header with referrerpolicy=unsafe-url.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Chromium-based browsers
No auth needed
Prerequisites: Victim must visit a malicious page hosting the exploit · Chromium-based browser with the vulnerability
devstral-2 · analyzed Feb 16, 2026

github WORKING POC
by manus-use · postscriptpoc
https://github.com/manus-use/cve-pocs/tree/main/chrome-CVE-2025-4664

This repository contains functional exploit code for CVE-2025-32433, an Erlang OTP SSH vulnerability, demonstrating pre-authentication remote command execution via crafted SSH packets. The PoC includes a Dockerized vulnerable environment and a Python script to trigger the exploit.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Erlang OTP SSH (OTP-22.3.4.17)
No auth needed
Prerequisites: network access to target SSH port · vulnerable Erlang OTP version
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC
by speinador · poc
https://github.com/speinador/CVE-2025-4664

This repository contains a proof-of-concept for CVE-2025-4664, a vulnerability in Google Chrome's Loader component that allows cross-origin data leakage via manipulated `referrer-policy` directives in HTML link tags. The PoC includes a Flask-based attacker server to capture leaked referrer headers.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Google Chrome < 136.0.7103.113
No auth needed
Prerequisites: Victim uses vulnerable Chrome version · Victim visits attacker-controlled page · Sensitive data in URL parameters
devstral-2 · analyzed Feb 16, 2026

vulncheck_xdb WORKING POC
client-side
https://github.com/speinador/CVE-2025-4664-

The repository contains a functional proof-of-concept for CVE-2025-4664, demonstrating how Google Chrome's improper handling of the `referrer-policy` directive in HTTP Link headers can lead to cross-origin data leakage. The PoC includes a Python-based attacker server and an HTML file to simulate the exploit.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Google Chrome versions prior to 136.0.7103.113
No auth needed
Prerequisites: Victim uses unpatched Google Chrome · Victim site includes sensitive data in URLs · Attacker-controlled server to capture leaked referrer data
devstral-2 · analyzed Feb 25, 2026

Scores

CVSS v3 4.3
EPSS 0.0012
EPSS Percentile 30.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2025-05-14
Status published
Products (1)
google/chrome < 136.0.7103.113
Published May 14, 2025
Tracked Since Feb 18, 2026