CVSS: 5.0EPSS: %CPEs: 1EXPL: 0CVE-2025-13992
https://notcve.org/view.php?id=CVE-2025-13992
03 Dec 2025 — Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-1300: Improper Protection of Physical Side Channels •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13633
https://notcve.org/view.php?id=CVE-2025-13633
02 Dec 2025 — Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13721
https://notcve.org/view.php?id=CVE-2025-13721
02 Dec 2025 — Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13720
https://notcve.org/view.php?id=CVE-2025-13720
02 Dec 2025 — Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13640
https://notcve.org/view.php?id=CVE-2025-13640
02 Dec 2025 — Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13639
https://notcve.org/view.php?id=CVE-2025-13639
02 Dec 2025 — Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13638
https://notcve.org/view.php?id=CVE-2025-13638
02 Dec 2025 — Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13637
https://notcve.org/view.php?id=CVE-2025-13637
02 Dec 2025 — Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html • CWE-449: The UI Performs the Wrong Action •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13636
https://notcve.org/view.php?id=CVE-2025-13636
02 Dec 2025 — Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html • CWE-290: Authentication Bypass by Spoofing •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13635
https://notcve.org/view.php?id=CVE-2025-13635
02 Dec 2025 — Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html • CWE-290: Authentication Bypass by Spoofing •