threat UPDATES
1
USA
Wazuh, a leader in open-source cybersecurity, has advised its users on CVE-2025-4664, a newly disclosed zero-day vulnerability affecting Google Chrome and Chromium-based browsers on Windows and Linux. The flaw was acknowledged by Google recently when the company confirmed that it was being targeted by threat actors in live attacks. Google Chrome has over three billion users worldwide.
The vulnerability allows malicious websites to quietly steal data from websites previously visited by users, such as login tokens or session IDs, by exploiting the way Chrome handles Link headers. Unlike other browsers, Chrome can be tricked into revealing sensitive information in the full URL of a previous site, which attackers can then capture and send to their own servers.
The flaw stems from Chrome’s handling of the HTTP Link header on sub-resource requests. Unlike other major browsers, Chrome honours referrer-policy directives set inside this header – even on images, scripts and other secondary resources. This behaviour can be exploited by attackers to downgrade referrer protections and leak full URLs, including embedded authentication tokens, to external servers.
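An added example (not from Wazuh or the original article): a Python check that scans captured HTTP response headers for Link entries whose referrer policy would expose full URLs to other origins. The `referrerpolicy` parameter name, the set of flagged policies and the sample hosts are assumptions of this example.

```python
import re

# Policies that send the full URL (path and query) cross-origin, per the
# W3C Referrer Policy spec. The choice to flag these is this example's own.
FULL_URL_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}

ENTRY = re.compile(r'<([^>]*)>([^<]*)')  # <target> followed by its parameters
PARAM = re.compile(r';\s*([A-Za-z0-9_-]+)\s*(?:=\s*(?:"([^"]*)"|([^;,\s"]+)))?')

def parse_link_header(value):
    """Return [(target_uri, {param: value})] for one Link header value."""
    entries = []
    for uri, raw_params in ENTRY.findall(value):
        params = {}
        for name, quoted, bare in PARAM.findall(raw_params):
            # First occurrence of a parameter wins; compare case-insensitively.
            params.setdefault(name.lower(), (quoted or bare).strip().lower())
        entries.append((uri.strip(), params))
    return entries

def find_referrer_downgrades(responses):
    """responses: iterable of (response_url, [(header_name, header_value)])."""
    findings = []
    for url, headers in responses:
        for name, value in headers:
            if name.lower() != "link":
                continue
            for target, params in parse_link_header(value):
                policy = params.get("referrerpolicy")
                if policy in FULL_URL_POLICIES:
                    findings.append({"response": url, "target": target,
                                     "policy": policy})
    return findings

# Constructed sample: sub-resource responses as a proxy might log them.
SAMPLE = [
    ("https://cdn.example/img/logo.png",
     [("Content-Type", "image/png"),
      ("Link", '<https://collector.example/p.gif>; rel="preload"; '
               'as="image"; referrerpolicy="unsafe-url"')]),
    ("https://app.example/static/app.js",
     [("Link", '<https://fonts.example/a.woff2>; rel=preload; as=font; '
               'referrerpolicy=no-referrer, <https://app.example/n>; rel="next"')]),
    ("https://app.example/", [("Referrer-Policy", "strict-origin-when-cross-origin")]),
]

if __name__ == "__main__":
    for hit in find_referrer_downgrades(SAMPLE):
        print(hit)
```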
Wazuh offers a dedicated detection strategy for CVE-2025-4664, enabling security teams to quickly identify vulnerable endpoints running affected Chrome and Chromium builds.
2
UK
New figures paint a concerning picture for the UK’s digital landscape, revealing that nearly 70% of businesses have self-disclosed cybersecurity breaches to the ICO. Compounding the challenge, alarming data indicates that 46% of remote or mobile workers knowingly jeopardised data security over the past year.
UK businesses are reporting a greater number of data breaches than ever before, according to annual research from Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives. The company’s 2025 survey reveals that 69% of organisations surveyed have self-disclosed a breach or potential breach to the Information Commissioner’s Office (ICO) in the past year, up significantly from 53% in 2024.
However, the shift could also be interpreted as evidence of a greater sense of awareness and accountability. Just 8% of businesses surveyed were reported by a third party, compared to 14% last year, indicating stronger internal reporting processes and a move away from reactive disclosure. This change suggests that businesses are beginning to take greater ownership over their breach response strategies and are stepping up to take responsibility.
Jon Fielding, Managing Director, EMEA, Apricorn, warned that businesses cannot afford to confuse policy with protection. “Too many organisations are relying on assumptions that policies are followed, that devices are secure, that staff know what to do, but if organisations want to reduce breach risk, they must give staff the right tools to do the right thing.”
24 WWW.INTELLIGENTCISO.COM