Google has fixed a critical Chrome security flaw that allowed account takeover: update now

A dangerous vulnerability in Google Chrome has been patched, and users are urged to update immediately. The flaw, known as CVE-2025-4664, could allow attackers to hijack your Google account by exploiting a loophole in Chrome’s Loader component. This vulnerability has already been actively exploited, making it crucial for users to act fast and protect their data.

What was the Chrome security flaw and why it matters

The issue was discovered by Solidlab researcher Vsevolod Kokorin, who explained that the flaw stemmed from insufficient policy enforcement in the browser’s Loader. If a user visited a malicious website, attackers could exploit this flaw to steal sensitive query parameters, such as OAuth tokens used in Google login processes—effectively opening the door to full account control.

Google confirmed the exploit was seen in the wild, meaning real attacks were already underway before the patch was released. The company quickly issued an emergency update to fix the problem and prevent further abuse.

How to stay protected from browser-based attacks

Updating Chrome is your first line of defense. Google uses a color-coded update bubble near your profile icon: green after 2 days, orange after 4, and red after 7. But don’t wait—go to Settings > About Chrome to force the update manually.

Users should also avoid installing unnecessary extensions and regularly audit the ones they use. Malicious extensions remain a common attack vector, capable of leaking data or injecting harmful code. For added protection, antivirus software and identity theft monitoring services can further shield your data.

Regular updates and cautious browsing habits are essential to keeping your information safe in today’s digital world.