CVE-2025-12905
📋 TL;DR
This vulnerability allows a remote attacker to bypass the Mark of the Web security feature in Google Chrome on Windows by tricking users into visiting a malicious HTML page. This could allow downloaded files to avoid security warnings and restrictions. Only Windows users running vulnerable Chrome versions are affected.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could deliver malicious files that appear safe, potentially leading to malware execution when users open downloaded files that bypassed security warnings.
Likely Case
Users might unknowingly open downloaded files that appear legitimate but could contain malware or execute unwanted actions, though Chrome's other security layers would still provide protection.
If Mitigated
With proper controls like updated Chrome versions, security software, and user awareness, the risk is minimal as the Mark of the Web bypass would be prevented.
🎯 Exploit Status
Exploitation requires user interaction (visiting a malicious page and downloading a file). The vulnerability is in Chrome's implementation, not requiring complex attack chains.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 140.0.7339.80 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click the three-dot menu > Help > About Google Chrome.
3. Chrome will automatically check for and install updates.
4. Click 'Relaunch' to restart Chrome with the fixed version.
🔧 Temporary Workarounds
Disable automatic downloads
Configure Chrome to ask where to save each file before downloading, giving users a chance to review downloads.
chrome://settings/content/automaticDownloads
Enable enhanced security features
Turn on Chrome's Enhanced Safe Browsing for additional protection against malicious downloads.
chrome://settings/security
🧯 If You Can't Patch
- Use alternative browsers like Firefox or Edge until Chrome can be updated.
- Implement network filtering to block access to suspicious websites and monitor for unusual download patterns.
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version by navigating to chrome://settings/help. If the version is below 140.0.7339.80, the system is vulnerable.
Check Version:
chrome://settings/help
Verify Fix Applied:
After updating, confirm that the Chrome version shown at chrome://settings/help is 140.0.7339.80 or higher.
📡 Detection & Monitoring
Log Indicators:
- Unusual download patterns from Chrome, especially files without proper Mark of the Web attributes in Windows logs.
Network Indicators:
- Traffic to known malicious domains hosting crafted HTML pages designed to exploit this vulnerability.
SIEM Query:
source="chrome" AND event="download" AND file_extension IN ("exe", "msi", "bat") AND security_warning="bypassed"
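As an added example that is not part of this advisory, the following PowerShell script performs the version check from "How to Verify" on a Windows host and audits the user's Downloads folder for files that lack the Zone.Identifier alternate data stream, which is how Windows records the Mark of the Web that the log indicator above refers to. The Chrome install paths and the Downloads folder location are assumed defaults and may need adjusting.

```powershell
# Added example (not from the advisory): compare the installed Chrome build with the
# fixed version named in the advisory, then report downloaded files with and without
# a Mark of the Web (the Zone.Identifier alternate data stream on NTFS).
# The install paths and Downloads location below are assumed defaults.

$FixedVersion = [version]'140.0.7339.80'

$ChromePaths = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
)

function Test-ChromePatched {
    # Emits one record per Chrome binary found, with Patched = $true when
    # its file version is at or above the fixed release.
    foreach ($path in $ChromePaths) {
        if (Test-Path -Path $path) {
            $installed = [version](Get-Item -Path $path).VersionInfo.FileVersion
            [pscustomobject]@{
                Path    = $path
                Version = $installed
                Patched = ($installed -ge $FixedVersion)
            }
        }
    }
}

function Get-DownloadMotwStatus {
    # Emits one record per file in the folder; ZoneId is $null when the file
    # carries no Zone.Identifier stream, i.e. no Mark of the Web at all.
    param([string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'))
    Get-ChildItem -Path $Folder -File -ErrorAction SilentlyContinue | ForEach-Object {
        $zone = Get-Content -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $id = $null
        if ($zone) {
            # Zone.Identifier content looks like "[ZoneTransfer]" / "ZoneId=3" (3 = Internet)
            $id = ($zone | Where-Object { $_ -like 'ZoneId=*' }) -replace '^ZoneId=', ''
        }
        [pscustomobject]@{ File = $_.FullName; Written = $_.LastWriteTime; ZoneId = $id }
    }
}

Test-ChromePatched | Format-Table -AutoSize
# Files with no ZoneId are the ones worth a closer look after a suspected bypass.
Get-DownloadMotwStatus | Where-Object { -not $_.ZoneId } | Format-Table -AutoSize
```

A file legitimately downloaded by a browser normally shows ZoneId=3; files written recently with no Zone.Identifier stream at all are candidates for follow-up.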