Google Chrome data leakage bug confirmed as actively exploited – Go Health Pro

A Google Chrome vulnerability allowing the leak of OAuth codes was added to the Known Exploited Vulnerabilities catalog by the Cybersecurity & Infrastructure Security Agency (CISA) on Thursday.

The flaw, tracked as CVE-2025-4664, is due to insufficient policy enforcement in the Google Chrome Loader, Google said Wednesday.

The vulnerability was discovered by security researcher Vsevolod Kokorin, who explained on X how an attacker could use the flaw to capture the full query parameters of a referring URL.

Kokorin noted that when Chrome sends a subresource request, such as a request to load an image, it resolves the Link header, which could potentially include an attacker-controlled referrer-policy. Therefore, an attacker could set the referrer-policy to unsafe-url, meaning the full query parameters of the referring URL can be leaked to the attacker in the browser's request.

An attacker could plant these Link headers on a malicious HTML page or in a malicious third-party resource on a legitimate page, such as an image embedded from a malicious third-party site.

Query parameters in URLs can contain sensitive information ranging from email addresses to OAuth codes, the latter of which could lead to account takeover, Kokorin noted.

The vulnerability, which was given a medium CVSS score of 4.3 and designated as high severity by Google, was fixed in Chrome version 136.0.7103.113. Its inclusion in the KEV catalog indicates that attackers have attempted to misuse the flaw in the wild, and requires Federal Civilian Executive Branch (FCEB) agencies to ensure the flaw is resolved by June 5, 2025.

CISA also added a command-injection flaw in DrayTek Vigor2960 and Vigor300B routers, tracked as CVE-2024-12987, and a critical SAP NetWeaver deserialization vulnerability tracked as CVE-2025-42999 to the KEV catalog on Thursday. In March, a Google Chrome zero-day vulnerability tracked as CVE-2025-2783 was added to the KEV catalog. This flaw could have allowed a remote attacker to escape the browser's sandbox environment.
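The leak path described above can be audited from the server or proxy side: scan captured HTTP responses for Link headers that point a preload at another origin while carrying a referrer policy that discloses the full referring URL. The following Python check is an added example written for this article, not code from Google, Chrome or the researcher; the page URL, header values and the simplified referrer model are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Referrer policies that send the full URL (path and query) to a
# cross-origin destination, i.e. the ones that expose query strings.
LEAKY_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}

# RFC 8288 Link header: <target>; param=value; ... , <target>; ...
_LINK_RE = re.compile(r'<([^>]*)>((?:\s*;\s*[^;,]+)*)')


def parse_link_header(value):
    """Parse a Link header into (target_url, {param: value}) tuples."""
    links = []
    for m in _LINK_RE.finditer(value):
        params = {}
        for part in m.group(2).split(";"):
            part = part.strip()
            if part:
                k, _, v = part.partition("=")
                params[k.strip().lower()] = v.strip().strip('"').lower()
        links.append((m.group(1).strip(), params))
    return links


def find_leaky_preloads(page_url, headers):
    """Return (resource_url, policy) for Link entries that would make the
    browser send the full referring URL to a different origin."""
    page_origin = urlsplit(page_url)[:2]          # (scheme, host[:port])
    found = []
    for name, value in headers:
        if name.lower() != "link":
            continue
        for url, params in parse_link_header(value):
            policy = params.get("referrerpolicy", "")
            if policy in LEAKY_POLICIES and urlsplit(url)[:2] != page_origin:
                found.append((url, policy))
    return found


def exposed_referrer(page_url, policy):
    """Simplified model (assumption) of the Referer value a cross-origin
    resource host receives from `page_url` under `policy`."""
    parts = urlsplit(page_url)
    if policy in LEAKY_POLICIES:
        return urlunsplit(parts._replace(fragment=""))   # path + query leak
    if policy in ("no-referrer", "same-origin"):
        return ""
    return urlunsplit((parts.scheme, parts.netloc, "/", "", ""))  # origin only


# Constructed sample: an OAuth callback page whose response carries a
# third-party preload with an unsafe-url referrer policy.
PAGE_URL = "https://app.example.com/oauth/callback?code=AUTHCODE123&state=abc"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Link", '<https://cdn.third-party.example/pixel.png>; rel=preload; '
             'as=image; referrerpolicy="unsafe-url", '
             '</static/app.css>; rel=preload; as=style'),
]
```

Running `find_leaky_preloads(PAGE_URL, SAMPLE_HEADERS)` flags only the third-party image, and `exposed_referrer` shows that under unsafe-url the full callback URL, OAuth code included, would reach that host.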
