{"id":303236,"date":"2025-05-16T00:26:53","date_gmt":"2025-05-16T07:26:53","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/en\/?p=303236"},"modified":"2025-07-01T14:38:00","modified_gmt":"2025-07-01T21:38:00","slug":"google-has-fixed-a-critical-chrome-security-flaw-that-allowed-account-takeover-update-now","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/google-has-fixed-a-critical-chrome-security-flaw-that-allowed-account-takeover-update-now\/","title":{"rendered":"Google has fixed a critical Chrome security flaw that allowed account takeover: update now"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">A&nbsp;<strong>dangerous vulnerability in Google Chrome<\/strong>&nbsp;has been patched, and users are urged to update immediately. The flaw, known as CVE-2025-4664, could allow attackers to hijack your Google account by exploiting a loophole in Chrome\u2019s Loader component.&nbsp;<strong>This vulnerability has already been actively exploited<\/strong>, making it crucial for users to act fast and protect their data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What was the Chrome security flaw and why it matters<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The issue was discovered by Solidlab researcher Vsevolod Kokorin, who explained that the flaw stemmed from&nbsp;<strong>insufficient policy enforcement in the browser&#8217;s Loader<\/strong>. If a user visited a malicious website, attackers could exploit this flaw to&nbsp;<strong>steal sensitive query parameters<\/strong>, such as OAuth tokens used in Google login processes\u2014effectively opening the door to full account control.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Google confirmed the exploit was seen in the wild, meaning&nbsp;<strong>real attacks were already underway<\/strong>&nbsp;before the patch was released. The company quickly issued an emergency update to fix the problem and prevent further abuse.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to stay protected from browser-based attacks<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Updating Chrome is your first line of defense.<\/strong>&nbsp;Google uses a color-coded update bubble near your profile icon: green after 2 days, orange after 4, and red after 7. But don\u2019t wait\u2014go to Settings &gt; About Chrome to force the update manually.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Users should also avoid installing unnecessary extensions and regularly audit the ones they use.&nbsp;<strong>Malicious extensions remain a common attack vector<\/strong>, capable of leaking data or injecting harmful code. For added protection, antivirus software and identity theft monitoring services can further shield your data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Regular updates and cautious browsing habits<\/strong>&nbsp;are essential to keeping your information safe in today\u2019s digital world.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A&nbsp;dangerous vulnerability in Google Chrome&nbsp;has been patched, and users are urged to update immediately. The flaw, known as CVE-2025-4664, could allow attackers to hijack your Google account by exploiting a loophole in Chrome\u2019s Loader component.&nbsp;This vulnerability has already been actively exploited, making it crucial for users to act fast and protect their data. What was &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/google-has-fixed-a-critical-chrome-security-flaw-that-allowed-account-takeover-update-now\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Google has fixed a critical Chrome security flaw that allowed account takeover: update now&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9317,"featured_media":303237,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-303236","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/303236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9317"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=303236"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/303236\/revisions"}],"predecessor-version":[{"id":303238,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/303236\/revisions\/303238"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/303237"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=303236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=303236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=303236"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=303236"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=303236"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=303236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}