Base Score

MEDIUM4.4

CVE-2025-13634

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)

VectorLOCAL

Published Bychrome-cve-admin@google.com

Published DateDec 02, 2025, 19:15

Weakness Type (CWE):CWE-290

CVSS Metrics

Base Score

4.4

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/429140219

Base Score

MEDIUM4.4

Weakness Type (CWE):CWE-290

CVSS Metrics

Base Score

4.4

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE