CVE-2025-4664 PoC — Google Chrome Security Vulnerability

Source
Associated Vulnerability
Title: Google Chrome Security Vulnerability (CVE-2025-4664)
Description:Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Description
PoC and Setup for CVE-2025-4664
Readme
# CVE-2025-4664
This repository contains a PoC for exploiting CVE-2025-4664, a vulnerability where Chromium-based browsers leak sensitive URL parameters through Link header preload requests.
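
A triage check built on the fixed version given in the description above (136.0.7103.113), as an added example that is not part of the original repository: it classifies Chrome version strings from an endpoint inventory or User-Agent logs as vulnerable, patched or unknown. The function names, host names and sample strings are constructed for illustration.

```python
import re

# Fixed build taken from the advisory text on this page ("prior to 136.0.7103.113").
FIXED = (136, 0, 7103, 113)

VERSION_RE = re.compile(r"(?:Chrome|Chromium)[/ ](\d+)\.(\d+)\.(\d+)\.(\d+)")
# Other Chromium-based vendors ship their own fixed builds, which this page does not list.
OTHER_VENDOR_RE = re.compile(r"\b(?:Edg|OPR)/")

def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for a version or User-Agent string."""
    m = VERSION_RE.search(text)
    if not m or OTHER_VENDOR_RE.search(text):
        return "unknown"
    version = tuple(int(part) for part in m.groups())
    if version[1:] == (0, 0, 0):
        # Reduced User-Agent strings report only the major version (Chrome/136.0.0.0),
        # so a client on the fixed major cannot be judged from the UA alone.
        if version[0] == FIXED[0]:
            return "unknown"
        return "vulnerable" if version[0] < FIXED[0] else "patched"
    return "vulnerable" if version < FIXED else "patched"

def triage(inventory):
    """Group (host, version string) pairs by classification."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, text in inventory:
        report[classify(text)].append(host)
    return report

# Constructed sample inventory: host names and version strings are illustrative.
UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) "
SAMPLES = [
    ("ws-01", "Google Chrome 136.0.7103.92"),
    ("ws-02", "Google Chrome 136.0.7103.113"),
    ("ws-03", UA + "Chrome/136.0.0.0 Safari/537.36"),
    ("ws-04", UA + "Chrome/135.0.0.0 Safari/537.36"),
    ("ws-05", UA + "Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLES).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need the full build number from the endpoint itself (for example the `chrome://version` page) or the vendor's own advisory before they can be closed out.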

# Resources

For a detailed explanation of how this exploit works, read the blog post: https://amalmurali.me/posts/cve-2025-4664e.

Watch this video to understand the flow:

<a href="https://vimeo.com/1097299035?share=copy" target="_blank"><img src="https://github.com/user-attachments/assets/ba4118f9-9df7-4713-8891-b569a354ac4b"></a>

## Files

- `target.py` - Vulnerable web application
- `idp.py` - SSO identity provider
- `attacker.py` - Malicious server that logs leaked tokens
- `templates/` - HTML templates for the demo
- `static/` - Static assets (logo, avatar, CSS)

## Setup

### Dependencies

```bash
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

### Hosts File Configuration

Add these entries to your `/etc/hosts` file:

```
127.0.0.1 example.com
127.0.0.1 sso.example.com  
127.0.0.1 attacker.test
```

### Running the Demo

Start all three servers in separate terminals (after activating the venv):

```bash
# Terminal 1: Target application
python target.py

# Terminal 2: SSO Identity Provider  
python idp.py

# Terminal 3: Attacker server
python attacker.py
```

## Disclaimer

This repository is for educational purposes only. The information provided here is intended to help developers understand the vulnerability and protect their systems. Do not use this exploit maliciously or without permission. Use of this PoC is at your own risk. The author is not responsible for any damages or legal issues that may arise from the use of this information.
File Snapshot

```
[4.0K] /data/pocs/b8bbd4fc6d526dd024ecbe5c39cc8fec62c38923
├── [1.0K] attacker.py
├── [2.6K] idp.py
├── [1.7K] README.md
├── [ 38] requirements.txt
├── [4.0K] static
│   ├── [122K] avatar.png
│   ├── [ 252] logo.svg
│   └── [ 41] style.css
├── [2.3K] target.py
└── [4.0K] templates
    ├── [ 734] index.html
    ├── [4.5K] profile.html
    ├── [ 797] redirecting.html
    └── [1.2K] sso_login.html

2 directories, 12 files
```