CVE-2025-4664: Insufficient policy enforcement in Loader in Google Chrome

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

• EPSS 0.1% (30.2% percentile)
• CVSS 4.3 medium

Related briefings

• Google Patches Two Chrome Zero-Days Exploited in the Wild — Skia and V8 Under Active Attack 2026-03-15

Browse the CVE database

Read the full analysis on IntelFusions