Google patches Chrome vulnerability with public exploit.

Summary

By the CyberWire staff

At a glance.

Google patches Chrome vulnerability with public exploit.
Coinbase offers $20 million bounty for arrest of extortionists.
US steel manufacturer hit by cyberattack.

Google patches Chrome vulnerability with public exploit.

Google has issued emergency security updates to fix a high-severity vulnerability (CVE-2025-4664) affecting Chrome, BleepingComputer reports. The vulnerability is an insufficient policy enforcement that can allow "a remote attacker to leak cross-origin data via a crafted HTML page." It's not clear if the flaw is under active exploitation, but Google says it's "aware of reports that an exploit for CVE-2025-4664 exists in the wild."

Solidlab security researcher Vsevolod Kokorin, who discovered the flaw, explained in an X post, "[U]nlike other browsers, Chrome resolves the Link header on subresource requests. But what's the problem? The issue is that the Link header can set a referrer-policy. We can specify unsafe-url and capture the full query parameters. Query parameters can contain sensitive data - for example, in OAuth flows, this might lead to an Account Takeover. Developers rarely consider the possibility of stealing query parameters via an image from a 3rd-party resource."

Control what runs in your environment. Reduce your attack surface.

ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.

Coinbase offers $20 million bounty for arrest of extortionists.

Cryptocurrency exchange operator Coinbase has disclosed an extortion attempt involving theft of customer data, the Record reports. The company refused to pay a $20 million ransom demand, and is instead offering $20 million for information leading to the arrest of the crooks.

Coinbase stated, "Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These insiders abused their access to customer support systems to steal the account data for a small subset of customers. No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched. We will reimburse customers who were tricked into sending funds to the attacker."

Coinbase Chief Security Officer Philip Martin told Fortune that the bribed workers, who were located in India, have been fired.

On the State of modern web application security

Web applications remain a top attack vector for cybercriminals, according to the latest Verizon DBIR. Take a listen to the on-demand discussion with Outpost24 and N2K CyberWire’s Dave Bittner on today’s web application threats, vulnerabilities, and practical strategies to strengthen your defenses. Register now to access it on-demand.

US steel manufacturer hit by cyberattack.

North Carolina-based Nucor, one of the largest steel manufacturers in the world, has disclosed a cyberattack that led to "unauthorized third party access to certain information technology systems." The company took certain systems offline as a precaution, which halted production at some locations. The company says it is "currently in the process of restarting the affected operations," and is "actively investigating the incident with the assistance of leading external cybersecurity experts."

Manufacturing Dive notes that Nucor produces around a quarter of all raw steel in the US.

Web applications remain a top attack vector for cybercriminals, according to the latest Verizon DBIR. Join us Tuesday, May 13th at 12pm ET for a live discussion with Outpost24 and N2K CyberWire’s Dave Bittner on today’s web application threats, vulnerabilities, and practical strategies to strengthen your defenses. Register now to join the live event or access it on-demand.

Notes.

Today's issue includes events affecting , and the United States.

Attacks, Threats, and Vulnerabilities

Google says hackers behind UK retail cyber campaign now also targeting US (The Record) "US retailers should take note" of recent cyberattacks on British companies, according to Google's Threat Intelligence Group, as the financially motivated collective known as Scattered Spider appears to be connected.

What we know about DragonForce ransomware (The Register) Would you believe it, this RaaS cartel says Russia is off limits

Legislation, Policy, and Regulation

CFPB Quietly Kills Rule to Shield Americans From Data Brokers (WIRED) Russell Vought, acting director of the Consumer Financial Protection Bureau, has canceled plans to more tightly regulate the sale of Americans’ sensitive personal data.

Litigation, Investigation, and Law Enforcement

The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge (WIRED) Following a WIRED inquiry, Telegram banned thousands of accounts used for crypto-scam money laundering, including those of Haowang Guarantee, a black market that enabled over $27 billion in transactions.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

CYSAT (Paris, France, May 14 - 15, 2025) In today’s society, we heavily rely on space-based assets, and considering the continuously evolving cyber threats in the current geopolitical environment, securing space data is a major challenge. Since 2021, CYSEC has been organizing CYSAT to bring together all the players in the space cybersecurity domain.

CyberWiseCon Europe 2025 (Vilnius and virtual, Lithuania, May 21 - 23, 2025) CyberWiseCon is a premier IT security conference that brings together cybersecurity experts, industry leaders, and IT professionals from around the Europe.

NICE Conference (Denver, Colorado, USA, Jun 1 - 4, 2025) The NICE Conference is the annual convening of community members and thought leaders from education, government, industry, and non-profits to explore ways of developing a skilled cybersecurity workforce ready to meet the challenges of the future. This event provides an opportunity to share best practices from around the world and across sectors in order to build the workforce we need to confront cybersecurity risks today and in years to come.

2025 Space Regulatory Bootcamp (Albuquerque and Virtual, New Mexico, USA, Jun 10 - 11, 2025) ACSP's Bootcamps educate new and established space professionals on must-know fundamentals and arm them for success. The 2025 Space Regulatory Bootcamp, hosted in Albuquerque, New Mexico, is a two day comprehensive industry deep dive with advanced training and meaningful networking. Learn directly from leading subject matter experts on topics including space law, export controls, space telecommunications, government contracting, and more.

AWS re:Inforce 2025 (Philadelphia, Pennsylvania, USA, Jun 16 - 18, 2025) AWS re:Inforce is our annual, immersive, cloud-security learning event delivering hands-on training and collaboration with AWS experts. It’s your opportunity to learn about the latest AWS security innovations, get direct access to the AWS teams and partners who build the security tools you rely on, and connect with cloud security peers from around the world. You’ll leave with actionable next steps to raise your security posture.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 05.15.25

At a glance.

Google patches Chrome vulnerability with public exploit.

Coinbase offers $20 million bounty for arrest of extortionists.

US steel manufacturer hit by cyberattack.

Notes.

Attacks, Threats, and Vulnerabilities

Legislation, Policy, and Regulation

Litigation, Investigation, and Law Enforcement

Events