CVE-2025-13632
📋 TL;DR
This vulnerability allows attackers to escape Chrome's security sandbox by convincing users to install a malicious extension. It affects all users running vulnerable versions of Google Chrome. The attacker needs user interaction to install the malicious extension first.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through sandbox escape, allowing execution of arbitrary code at system level, data theft, and persistence.
Likely Case
Limited sandbox escape allowing access to system resources normally protected, potentially leading to data exfiltration or further exploitation.
If Mitigated
No impact if users don't install untrusted extensions and Chrome is updated to the patched version.
🎯 Exploit Status
Exploitation requires the user to install a malicious extension first, which adds an initial step. The sandbox escape itself appears to be moderately complex.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 143.0.7499.41 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click three-dot menu → Help → About Google Chrome.
3. Chrome will automatically check for updates and install if available.
4. Click 'Relaunch' to restart Chrome with the update.
🔧 Temporary Workarounds
Disable Chrome Extensions
All platforms: Temporarily disable all Chrome extensions to prevent malicious extension installation.
chrome://extensions/ → Toggle off all extensions
Restrict Extension Installation
Windows: Configure Chrome to only allow extensions from Chrome Web Store.
Group Policy: ExtensionInstallSources = https://chrome.google.com/webstore/*
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallSources
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of malicious code from sandbox escape
- Use browser isolation technology to contain potential sandbox escapes
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: If the version is lower than 143.0.7499.41, the system is vulnerable.
Check Version:
chrome://version/ (look for 'Google Chrome' version number)
Verify Fix Applied:
Confirm Chrome version is 143.0.7499.41 or higher after update.
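The version check above, applied to an inventory of hosts, as an added example that is not part of the original advisory. It compares the four version fields as integers, because a plain string comparison would rank 143.0.7499.9 and 99.x above 143.0.7499.41. The host names and sample versions are constructed, and the comparison assumes Google Chrome version numbering (other Chromium-based browsers use their own).

```python
import re

PATCHED = (143, 0, 7499, 41)  # first fixed version, taken from the advisory

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Extract the four-part version from strings such as
    'Google Chrome 143.0.7499.41' or a bare '143.0.7499.41'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text):
    """True when the version is below the patched build.
    Tuples compare field by field as integers, so 7499.9 < 7499.41."""
    return parse_chrome_version(version_text) < PATCHED


def triage(inventory):
    """Split {host: version string} into vulnerable, patched and unknown."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        try:
            bucket = "vulnerable" if is_vulnerable(raw) else "patched"
        except ValueError:
            bucket = "unknown"  # unparseable entries need a manual check
        result[bucket].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "ws-01": "Google Chrome 143.0.7499.41",
    "ws-02": "Google Chrome 143.0.7499.9",
    "ws-03": "Google Chrome 99.0.4844.51",
    "ws-04": "144.0.7500.2",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts that land in "unknown" reported no parseable version and should be checked by hand rather than assumed patched.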
📡 Detection & Monitoring
Log Indicators:
- Unusual extension installation events
- Chrome DevTools process spawning unexpected child processes
- Chrome processes running with elevated privileges unexpectedly
Network Indicators:
- Chrome processes making unexpected outbound connections to unknown domains
- Traffic patterns inconsistent with normal browsing behavior
SIEM Query:
process_name="chrome.exe" AND (parent_process="chrome.exe" AND command_line CONTAINS "--type=utility" AND NOT command_line CONTAINS "--utility-sub-type=network.mojom.NetworkService")