Chrome Crisis: Zero-Day CVE-2025-4664 Lets Hackers Hijack Devices
- Anup Ghosh
- 14 minutes ago
- 1 min read
The Download
CVE-2025-4664 is a serious zero-day vulnerability in Google Chrome that has been actively exploited in the wild, allowing attackers to hijack user devices through crafted web content. For business owners, MSPs, and IT operators, this poses an immediate and widespread risk—Chrome is one of the most widely used browsers in enterprise environments. A successful exploit could give an attacker access to session tokens, browser-stored credentials, or even control over a device—jeopardizing sensitive data, business continuity, and user trust.
What You Can Do
Act fast: ensure all Chrome installations across Windows, Mac, and Linux environments are updated to version 136.0.7103.113/.114 or later. Push updates centrally through MDM tools or Group Policy where possible, and enforce a restart to activate the patch. Educate users to be wary of unusual browser behavior and avoid suspicious websites until patched. As a defense-in-depth measure, limit local admin rights on devices to reduce post-exploitation impact.
Use ThreatMate to identify which endpoints have this and other vulnerabilities that present material risk to your clients' networks.
To Learn More: