CVE-2025-13637
📋 TL;DR
This vulnerability allows a remote attacker to bypass Chrome's download protections by tricking a user into performing specific UI gestures on a malicious HTML page. It affects users running Google Chrome versions prior to 143.0.7499.41. The attacker must convince the user to interact with the crafted page.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could bypass Chrome's download protections to deliver malicious files that would normally be blocked or flagged, potentially leading to malware execution.
Likely Case
Limited impact requiring user interaction with a malicious page; most users have automatic updates enabled, reducing exposure.
If Mitigated
Minimal impact if Chrome is updated to the patched version or if users avoid interacting with untrusted web pages.
🎯 Exploit Status
Exploitation requires user interaction (specific UI gestures) on a crafted HTML page, making it less trivial to automate.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 143.0.7499.41 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click the three-dot menu > Help > About Google Chrome.
3. Chrome will automatically check for and apply the update.
4. Restart Chrome when prompted.
🔧 Temporary Workarounds
Disable automatic downloads
Configure Chrome to ask where to save each file before downloading, which may reduce risk by requiring user confirmation.
chrome://settings/downloads > Toggle 'Ask where to save each file before downloading' to ON
🧯 If You Can't Patch
- Educate users to avoid clicking or performing gestures on untrusted web pages.
- Use network filtering or web proxies to block access to known malicious sites.
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: if it is below 143.0.7499.41, it is vulnerable.
Check Version:
On Chrome, navigate to chrome://version/ and check the 'Google Chrome' version line.
Verify Fix Applied:
Ensure Chrome version is 143.0.7499.41 or higher after updating.
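The version check above, turned into a small script for triaging an inventory of Chrome installs. This is an added example, not part of the advisory; the inventory format (hostname, tab, version line) and the sample version strings are constructed for illustration, and the version comparison treats every component as an integer so that a build like 143.0.7499.9 is not mistakenly ranked above the patched 143.0.7499.41.

```python
import re

# Patched version stated in the advisory for CVE-2025-13637.
PATCHED_VERSION = "143.0.7499.41"

# First dotted version number (2 to 4 numeric components) found in a line.
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,3})")


def parse_version(text: str) -> tuple:
    """Extract the version from text such as 'Google Chrome 143.0.7499.41'
    or '143.0.7499.41 (Official Build) (64-bit)' and return it as a tuple
    of ints, zero-padded to four components so '143.0' compares as 143.0.0.0."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(version_text: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed version is strictly below the patched version.
    Tuples of ints are compared, not strings: a plain string comparison
    would rank '143.0.7499.9' above '143.0.7499.41'."""
    return parse_version(version_text) < parse_version(patched)


def triage_inventory(lines) -> dict:
    """Map each 'hostname<TAB>version line' record (a constructed format,
    not any real tool's output) to whether that host still needs the update."""
    result = {}
    for line in lines:
        host, _, version_line = line.partition("\t")
        result[host.strip()] = is_vulnerable(version_line)
    return result


# Constructed sample inventory; the hostnames and versions are illustrative.
SAMPLE_INVENTORY = [
    "ws-01\tGoogle Chrome 142.0.7444.175",
    "ws-02\t143.0.7499.41 (Official Build) (64-bit)",
    "ws-03\tGoogle Chrome 143.0.7499.9",
    "ws-04\tGoogle Chrome 144.0.7512.3",
]

if __name__ == "__main__":
    for host, vulnerable in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {'UPDATE REQUIRED' if vulnerable else 'patched'}")
```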
📡 Detection & Monitoring
Log Indicators:
- Unusual download patterns from untrusted sources in Chrome logs or endpoint detection logs.
Network Indicators:
- HTTP requests to suspicious domains hosting HTML pages that trigger downloads.
SIEM Query:
Not typically applicable due to low severity and user interaction requirement; focus on patch compliance monitoring instead.