CVE-2025-13637

Description

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)

CVSS v3.1 Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Weakness Type (CWE)

CWE-449 CWE-449

Affected Products

Vendor	Product	Versions
google	chrome	< 143.0.7499.40
linux	linux_kernel	All
google	chrome	< 143.0.7499.40
apple	macos	All
microsoft	windows	All

References

Advisories & Patches

https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html

Other References

https://issues.chromium.org/issues/392375329

Frequently Asked Questions

What is CVE-2025-13637? +

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low) It has a CVSS v3.1 base score of 4.3 (MEDIUM).

How severe is CVE-2025-13637? +

CVE-2025-13637 has a CVSS v3.1 score of 4.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-13637? +

CVE-2025-13637 affects products from apple, google, linux, microsoft, specifically: chrome, linux_kernel, macos, windows. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-13637? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.