<ul><li>Google patched a new Chrome bug recently.</li><li>The US Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation.</li><li>Federal Civilian Executive Branch (FCEB) agencies have three weeks to update Chrome or stop using the browser altogether to address the CVE-2025-4664 flaw.</li><li>The bug, which allows remote threat actors to leak cross-origin data via a crafted HTML page, needs to be addressed due to the risks it poses to cybersecurity.</li></ul>

Chrome patched this bug, but CISA says it's still actively exploited

Discover more