Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-4664 PoC — Google Chrome 安全漏洞

Source
https://github.com/amalmurali47/cve-2025-4664
Associated Vulnerability
Title:Google Chrome 安全漏洞 (CVE-2025-4664)
Description:Google Chrome是美国谷歌(Google)公司的一款Web浏览器。 Google Chrome 136.0.7103.113之前版本存在安全漏洞,该漏洞源于Loader中策略执行不足可能导致跨源数据泄露。
Description
PoC and Setup for CVE-2025-4664
Readme
# CVE-2025-4664
This repository contains a PoC for exploiting CVE-2025-4664, a vulnerability where Chromium-based browsers leak sensitive URL parameters through Link header preload requests.

# Resources

For a detailed explanation of how this exploit works, read the blog post: https://amalmurali.me/posts/cve-2025-4664e.

Watch this video to understand the flow: 




<a href="https://vimeo.com/1097299035?share=copy" target="_blank"><img src="https://github.com/user-attachments/assets/ba4118f9-9df7-4713-8891-b569a354ac4b"></a>

## Files

- `target.py` - Vulnerable web application
- `idp.py` - SSO identity provider
- `attacker.py` - Malicious server that logs leaked tokens
- `templates/` - HTML templates for the demo
- `static/` - Static assets (logo, avatar, CSS)

## Setup

### Dependencies

```bash
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

### Hosts File Configuration

Add these entries to your `/etc/hosts` file:

```
127.0.0.1 example.com
127.0.0.1 sso.example.com  
127.0.0.1 attacker.test
```

### Running the Demo

Start all three servers in separate terminals (after activating the venv):

```bash
# Terminal 1: Target application
python target.py

# Terminal 2: SSO Identity Provider  
python idp.py

# Terminal 3: Attacker server
python attacker.py
```

## Disclaimer

This repository is for educational purposes only. The information provided here is intended to help developers understand the vulnerability and protect their systems. Do not use this exploit maliciously or without permission. Use of this PoC is at your own risk. The author is not responsible for any damages or legal issues that may arise from the use of this information.
File Snapshot

 [4.0K]  /data/pocs/b8bbd4fc6d526dd024ecbe5c39cc8fec62c38923
├── [1.0K]  attacker.py
├── [2.6K]  idp.py
├── [1.7K]  README.md
├── [  38]  requirements.txt
├── [4.0K]  static
│   ├── [122K]  avatar.png
│   ├── [ 252]  logo.svg
│   └── [  41]  style.css
├── [2.3K]  target.py
└── [4.0K]  templates
    ├── [ 734]  index.html
    ├── [4.5K]  profile.html
    ├── [ 797]  redirecting.html
    └── [1.2K]  sso_login.html

2 directories, 12 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.