CVE-2025-13635
📋 TL;DR
This vulnerability allows a local attacker to spoof the Chrome downloads UI via a malicious HTML page, tricking users into believing they're interacting with legitimate download prompts. It affects Google Chrome users on desktop platforms who haven't updated to the patched version.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could trick users into downloading malicious files by making them appear as legitimate downloads from trusted sources, potentially leading to malware installation or credential theft.
Likely Case
Limited UI spoofing that might confuse users about download origins but requires user interaction and local access to execute.
If Mitigated
With updated Chrome and proper user awareness, impact is minimal as the vulnerability requires specific local conditions and user interaction.
🎯 Exploit Status
Exploitation requires local access to serve crafted HTML pages and user interaction with the malicious page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 143.0.7499.41 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click the three-dot menu.
3. Go to Help > About Google Chrome.
4. Chrome will automatically check for and install updates.
5. Click 'Relaunch' to restart Chrome with the update.
🔧 Temporary Workarounds
Disable automatic downloads
Configure Chrome to ask where to save each file before downloading
chrome://settings/downloads > Toggle 'Ask where to save each file before downloading'
🧯 If You Can't Patch
- Use alternative browsers until Chrome can be updated
- Implement strict user awareness training about verifying download sources
🔍 How to Verify
Check if Vulnerable:
Check Chrome version via chrome://settings/help or chrome://version and compare to affected versions
Check Version:
chrome://version
Verify Fix Applied:
Confirm Chrome version is 143.0.7499.41 or higher
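As an added example (not part of the advisory), the check below compares a Chrome version string numerically, component by component, against the fixed release 143.0.7499.41; a plain string comparison would misorder builds such as 143.0.7499.5 and 143.0.7499.41. Host names and version strings in the sample inventory are constructed.

```python
"""Version check for CVE-2025-13635: is a Chrome/Chromium build at or above the fixed release?

Assumes Chrome's MAJOR.MINOR.BUILD.PATCH scheme and the fixed version
143.0.7499.41 given in the vendor advisory.
"""
import re
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = "143.0.7499.41"  # from the advisory
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the first four-part version from text such as the output of
    'google-chrome --version' ("Google Chrome 143.0.7499.41") or chrome://version.
    Returns None when no MAJOR.MINOR.BUILD.PATCH string is present."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_fixed(text: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if the build is >= the fixed release, False if older (still affected),
    None if the version could not be parsed. Tuples compare per integer component,
    so 143.0.7499.5 correctly ranks below 143.0.7499.41."""
    found = parse_version(text)
    return None if found is None else found >= parse_version(fixed)


def triage(inventory: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Split {host: version_output} into hosts that still need the update and hosts
    whose version is unknown; unknowns are listed so they are not silently treated as patched."""
    needs_update = sorted(h for h, v in inventory.items() if is_fixed(v) is False)
    unknown = sorted(h for h, v in inventory.items() if is_fixed(v) is None)
    return needs_update, unknown


# Constructed sample inventory (hostnames and builds are illustrative, not real assets)
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 143.0.7499.41",  # exactly the fixed build
    "ws-02": "Google Chrome 143.0.7499.5",   # lower patch number: affected, despite '5' > '4' as text
    "ws-03": "Chromium 142.0.7444.162",      # earlier major: affected
    "ws-04": "Google Chrome 144.0.7512.10",  # later release: fixed
    "ws-05": "chrome: not installed",        # no version to compare
}

if __name__ == "__main__":
    vuln, unknown = triage(SAMPLE_INVENTORY)
    print("needs update:", vuln)
    print("could not determine:", unknown)
```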
📡 Detection & Monitoring
Log Indicators:
- Unusual download patterns from local HTML files
- Multiple download prompts from same local source
Network Indicators:
- Local HTTP/HTTPS serving of HTML pages with download manipulation attempts
SIEM Query:
source="chrome" AND event="download" AND (url="file://*" OR url="localhost:*")