CVE-2025-13631
📋 TL;DR
This vulnerability allows remote attackers to escalate privileges on Mac systems running vulnerable versions of Google Chrome. Attackers can exploit a flaw in Google Updater by tricking users into opening a crafted file, potentially gaining elevated system access. Only Mac users with Chrome versions below 143.0.7499.41 are affected.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →⚠️ Risk & Real-World Impact
Worst Case
Full system compromise where attacker gains root privileges, installs persistent malware, accesses sensitive data, and controls the entire system.
Likely Case
Local privilege escalation allowing attackers to bypass security controls, install unwanted software, or modify system settings.
If Mitigated
Limited impact with proper user education, application sandboxing, and least privilege principles in place.
🎯 Exploit Status
Exploitation requires user interaction (opening crafted file). No public exploit code is available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 143.0.7499.41 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Google Chrome. 2. Click Chrome menu → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click Relaunch to restart Chrome with the updated version.
🔧 Temporary Workarounds
Disable automatic updates
macTemporarily disable Google Updater to prevent exploitation while planning permanent fix
sudo chmod 000 /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
🧯 If You Can't Patch
- Implement application allowlisting to prevent execution of unauthorized binaries
- Enforce least privilege principles and restrict user administrative privileges
🔍 How to Verify
Check if Vulnerable:
Check Chrome version in Chrome menu → About Google Chrome. If version is below 143.0.7499.41, system is vulnerable.Check Version:
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --versionVerify Fix Applied:
Confirm Chrome version is 143.0.7499.41 or higher in About Google Chrome dialog.📡 Detection & Monitoring
Log Indicators:
- Unusual GoogleSoftwareUpdateAgent process activity
- Privilege escalation attempts in system logs
- Unexpected Chrome updater executions
Network Indicators:
- Unusual outbound connections from GoogleSoftwareUpdateAgent
- Downloads from unexpected sources to Chrome update directories
SIEM Query:
process_name:"GoogleSoftwareUpdateAgent" AND (parent_process_name NOT IN ("launchd", "Google Chrome"))