Google just fixed a high-severity Chrome flaw that can be used to take over your account — update right now


If you’ve been holding off on updating your browser, now is the time to do so, as a new set of emergency security updates for Chrome includes fixes for a high-severity vulnerability that can be used by hackers to take over your Google account.

As reported by BleepingComputer, these new security updates patch a total of 4 flaws, though one is particularly worrying due to the fact that it has been actively exploited by hackers in the wild.

The vulnerability in question (tracked as CVE-2025-4664) was discovered by a security researcher at Solidlab, who described it as insufficient policy enforcement in Chrome’s Loader component. If exploited, it could allow remote attackers to leak cross-origin data by leading potential victims to malicious sites.

In a post on X, Solidlab’s Vsevolod Kokorin explained that the flaw can be used to gain access to query parameters which can contain sensitive data. For instance, if someone is using the OAuth authorization framework, the data in a query parameter can be stolen and used to perform an account takeover.

According to a security advisory from Google, the search giant is aware that an exploit for this flaw exists in the wild. This means that hackers could already be using it in their attacks. Fortunately though, it has now been patched in a series of Chrome security updates that will roll out to all users in the coming days and weeks.

How to keep Chrome safe from hackers


Just like with the best phones, the easiest way to keep Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, Brave and Vivaldi safe from hackers is to ensure that you install updates as soon as they become available.

Chrome makes it very simple to know when an update is available as Google uses a color-coded warning system. If you take a look at your profile picture, a bubble will appear next to it when there’s an update for the browser. This bubble will be green for a 2-day-old update, orange for a 4-day-old update and red when an update was released a week ago.

If you don’t want to wait for an update to appear, you can also manually update Chrome by clicking on the three-dot menu in the upper right-hand corner of your browser. From there, you need to open Settings and then go to About Chrome. If an update is ready to be installed, Chrome will automatically begin downloading it, and it will be applied the next time you restart your browser.

Besides keeping your browser updated regularly, you also want to be careful when installing new extensions. Malicious browser extensions are one of the main tools that hackers use to steal sensitive browser data like passwords. For this reason, you want to avoid installing unnecessary extensions and audit the extensions you do have installed from time to time. If you haven’t used an extension recently, it’s best to uninstall it because, just like the apps on your phone, good browser extensions can turn bad when injected with malicious code.

As for keeping your computer safe from malware and other cyberattacks, you want to make sure that you’re using the best antivirus software on your Windows PC or the best Mac antivirus software on your Apple computer. For even more protection though, you might also want to consider signing up for one of the best identity theft protection services since they can help you recover your identity if it’s stolen as well as get back any funds lost to fraud.

Google frequently updates Chrome to fix security flaws like the one described above. However, it’s up to you to keep your browser updated when patches do become available. If you regularly update your browser and avoid clicking on links in messages and emails from unknown senders, you should be able to stay safe online.

Anthony Spadafora
Managing Editor Security and Home Office
