CVE-2025-13635: Chrome Downloads UI Spoofing Vulnerability Fixed!

Overview

CVE-2025-13635 is a low-severity security vulnerability identified in Google Chrome’s Downloads feature. Specifically, an inappropriate implementation allowed a local attacker to perform UI (User Interface) spoofing. This vulnerability affected Google Chrome versions prior to 143.0.7499.41. The fix was included in the stable channel update released in December 2025.

Technical Details

The vulnerability stems from how Chrome handles certain aspects of the Downloads UI. A crafted HTML page, when loaded locally, could manipulate elements of the download interface, potentially misleading the user about the source or nature of a downloaded file. While the exact mechanism isn’t publicly detailed beyond the high-level description, it likely involves exploiting inconsistencies in how the browser renders and validates UI elements related to downloads when influenced by malicious local HTML content. The Chromium issue tracker provides some limited insights into the fix.

CVSS Analysis

According to the provided information, no CVSS score or severity level was assigned to this vulnerability. This typically indicates that the impact is considered low, likely due to the requirement of local access and the nature of UI spoofing, which primarily affects user perception rather than system integrity.

Possible Impact

The primary impact of CVE-2025-13635 is UI spoofing. A successful attacker could potentially trick a user into believing a downloaded file is safe or comes from a trusted source when it is not. This could lead to the user inadvertently executing malicious software or revealing sensitive information. The attack requires the user to open a specially crafted HTML file locally, reducing its overall risk compared to vulnerabilities exploitable over the network.

Mitigation or Patch Steps

The vulnerability has been addressed in Google Chrome version 143.0.7499.41 and later. Users are strongly advised to update their Chrome browser to the latest version to mitigate this risk. Chrome typically updates automatically, but you can manually check for updates by:

  1. Clicking the three dots (Menu) in the top-right corner of Chrome.
  2. Selecting “Help” > “About Google Chrome”.
  3. Chrome will automatically check for and install updates.
  4. Restart Chrome to apply the updates.
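For administrators checking a fleet rather than one browser, the following is an added defender-side check (not from the advisory): it compares reported Chrome builds against the fixed version 143.0.7499.41 component by component, so that a build such as 143.0.7499.5 is not mistaken for a patched one. The host inventory is constructed sample data, and the local detection step assumes a google-chrome or chromium binary on PATH.

```python
# Added example (not from the advisory): check Chrome builds against the
# CVE-2025-13635 fix. FIXED_VERSION is taken from the page; the host inventory
# is constructed sample data; local detection assumes a google-chrome or
# chromium binary on PATH (Linux/macOS) and returns None otherwise.
import re
import shutil
import subprocess

FIXED_VERSION = "143.0.7499.41"  # first stable build carrying the fix

def parse_version(text):
    """Pull a dotted Chrome version out of text such as
    'Google Chrome 143.0.7499.41' and return it as a tuple of ints."""
    match = re.search(r"\d+(?:\.\d+){3}", text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))

def is_patched(version_text, fixed=FIXED_VERSION):
    """True when the build is at or beyond the fixed version. Lexical string
    comparison would rank '143.0.7499.5' above '143.0.7499.41'; tuples do not."""
    return parse_version(version_text) >= parse_version(fixed)

def triage(inventory, fixed=FIXED_VERSION):
    """Split a {host: version string} map into (patched, vulnerable) host lists."""
    patched = sorted(h for h, v in inventory.items() if is_patched(v, fixed))
    vulnerable = sorted(h for h, v in inventory.items() if not is_patched(v, fixed))
    return patched, vulnerable

def local_chrome_version():
    """Best effort: ask the installed browser for its version string."""
    for name in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(name)
        if path:
            out = subprocess.run([path, "--version"], capture_output=True, text=True)
            return out.stdout.strip() or None
    return None  # no known binary on PATH (Windows keeps the version in the registry)

# Constructed sample inventory (not real hosts); ws-03 shows the ordering trap.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 143.0.7499.41",
    "ws-02": "Google Chrome 142.0.7444.175",
    "ws-03": "Google Chrome 143.0.7499.5",
    "ws-04": "Google Chrome 144.0.7501.0",
}
if __name__ == "__main__":
    patched, vulnerable = triage(SAMPLE_INVENTORY)
    print("patched:", patched, "vulnerable:", vulnerable)
    print("this host:", local_chrome_version())
```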

References

Chrome Stable Channel Update
Chromium Issue Tracker – Issue 405727341

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
