<ul><li>A zero-day vulnerability, CVE-2025-4664, affecting both Windows and Linux systems has been discovered in Google Chrome and Chromium browsers, putting billions of users at risk of data theft.</li><li>The vulnerability allows the leakage of sensitive cross-origin data like OAuth tokens and session identifiers, without user interaction, through the handling of the Link HTTP header for sub-resource requests.</li><li>Google has issued an emergency patch for Windows and Gentoo Linux systems, urging users to update their browsers immediately. Chromium users on Debian 11 remain vulnerable with no updated package available yet, advised to uninstall until patched.</li><li>Experts recommend using endpoint protection platforms, malware protection, and antivirus solutions in addition to applying browser patches to combat browser-based zero-day exploits.</li></ul>

Billions of Chrome users at risk from new data-stealing browser vulnerability - here's how to stay safe

Discover more