CVE-2025-13634
📋 TL;DR
This vulnerability allows a local attacker to bypass the Mark of the Web (MOTW) security feature in Google Chrome on Windows. Attackers can craft HTML pages that evade security warnings when downloaded files originate from untrusted sources. Only Windows users running vulnerable Chrome versions are affected.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could execute malicious code disguised as legitimate downloads without security warnings, potentially leading to system compromise.
Likely Case
Users might unknowingly open malicious files that appear safe, leading to malware installation or data theft.
If Mitigated
With proper user awareness and security software, the risk is reduced as users would still need to execute the malicious file.
🎯 Exploit Status
Requires local access and user interaction with crafted HTML pages.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 143.0.7499.41 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
Open Chrome
Click three-dot menu → Help → About Google Chrome
Allow Chrome to update automatically
Click 'Relaunch' when prompted
🔧 Temporary Workarounds
Disable automatic file downloads
Windows: Configure Chrome to ask where to save each file instead of downloading automatically.
Use an alternative browser temporarily
All platforms: Switch to a non-Chromium browser until Chrome is updated.
🧯 If You Can't Patch
- Enable Windows Defender SmartScreen and ensure it's updated
- Educate users to verify file sources before opening downloads
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version in Settings → About Chrome. If the version is below 143.0.7499.41, the system is vulnerable.
Check Version:
chrome://version/
Verify Fix Applied:
Confirm Chrome version is 143.0.7499.41 or higher in About Chrome.
📡 Detection & Monitoring
Log Indicators:
- Unusual download patterns from untrusted sources
- Files executing without MOTW warnings
Network Indicators:
- Suspicious HTML file downloads triggering bypass attempts
SIEM Query:
source="chrome" event="download" file_extension="html" AND NOT security_warning="MOTW"
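As an added example that is not part of this advisory, the following PowerShell covers both the verification step and the detection section above: it compares the installed Chrome build against the fixed version 143.0.7499.41, and it lists files in a downloads folder that carry no Zone.Identifier stream (the NTFS alternate data stream that holds the Mark of the Web). The chrome.exe install paths, the folder audited, and the function names are assumptions.

```powershell
# Added example, not from the advisory: version check against the fixed build
# from this page, plus an audit of downloads that lack the MOTW stream.
$FixedVersion = [version]'143.0.7499.41'

function Test-ChromePatched {
    # Assumed default path for a machine-wide install; per-user installs are tried next
    param([string]$ChromeExe = "$env:ProgramFiles\Google\Chrome\Application\chrome.exe")
    if (-not (Test-Path $ChromeExe)) {
        $ChromeExe = "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
        if (-not (Test-Path $ChromeExe)) { throw "chrome.exe not found in the assumed locations" }
    }
    # ProductVersion of chrome.exe is the same four-part string shown in chrome://version/
    $installed = [version](Get-Item $ChromeExe).VersionInfo.ProductVersion
    [pscustomobject]@{
        Installed = $installed
        Fixed     = $FixedVersion
        Patched   = ($installed -ge $FixedVersion)   # $true once 143.0.7499.41 or later is installed
    }
}

function Get-DownloadsWithoutMotw {
    # Folder to audit is an assumption; point it at wherever Chrome saves downloads
    param([string]$Folder = "$env:USERPROFILE\Downloads")
    Get-ChildItem -Path $Folder -File | ForEach-Object {
        # A browser download normally carries the Zone.Identifier stream (ZoneId=3 for Internet);
        # a file saved from the web without it is the condition the bypass produces
        $zone = Get-Item -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if (-not $zone) {
            [pscustomobject]@{ File = $_.FullName; LastWrite = $_.LastWriteTime }
        }
    }
}

Test-ChromePatched | Format-List
Get-DownloadsWithoutMotw | Format-Table -AutoSize
```

Files that were created locally or copied from a share legitimately lack the stream, so treat the second list as a triage queue rather than a verdict.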