CVE-2025-13631
Google Chrome Mac Privilege Escalation Vulnerability
Description
Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)
INFO
Published Date :
Dec. 2, 2025, 7:15 p.m.
Last Modified :
Dec. 4, 2025, 7:59 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2025-13631
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Update Google Chrome to the latest version.
- Ensure Google Updater is up-to-date.
- Restart the application after updating.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-13631.
| URL | Resource |
|---|---|
| https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html | Release Notes Vendor Advisory |
| https://issues.chromium.org/issues/448113221 | Issue Tracking Permissions Required |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-13631 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-13631
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-13631 vulnerability anywhere in the article.
-
BleepingComputer
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
Today is Microsoft's December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three "C ... Read more
-
Zero Day Initiative
The December 2025 Security Update Review
It’s the final patch Tuesday of 2025, but that doesn’t make it any less exciting. Put aside your holiday planning for just a moment as we review the latest security offering from Adobe and Microsoft. ... Read more
-
TheCyberThrone
Google Chrome 143 Stable Channel Released
December 8, 2025Google Chrome 143 patches four high-severity vulnerabilities (CVE-2025-13630 to CVE-2025-13633), all enabling remote code execution, privilege escalation, or sandbox escapes when chain ... Read more
-
CybersecurityNews
Chrome 143 Released With Fix for 13 Vulnerabilities that Enables Arbitrary Code Execution
Google has officially promoted Chrome 143 to the Stable channel, rolling out version 143.0.7499.40 for Linux and 143.0.7499.40/41 for Windows and Mac. This significant update addresses 13 security vul ... Read more
-
Daily CyberSecurity
Chrome 143 Stable Fixes 13 Flaws: High-Severity V8 Type Confusion Earns $11,000 Bounty
Google has officially promoted Chrome 143 to the stable channel for Windows, macOS, and Linux, rolling out a critical security update that addresses 13 vulnerabilities. The release, versioned as 143.0 ... Read more
The following table lists the changes that have been made to the
CVE-2025-13631 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Dec. 04, 2025
Action Type Old Value New Value Added CWE NVD-CWE-noinfo Added CPE Configuration AND OR *cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to (excluding) 143.0.7499.40 OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* Added CPE Configuration AND OR *cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to (excluding) 143.0.7499.40 OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* Added Reference Type Chrome: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html Types: Release Notes, Vendor Advisory Added Reference Type Chrome: https://issues.chromium.org/issues/448113221 Types: Issue Tracking, Permissions Required -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Dec. 02, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H -
New CVE Received by [email protected]
Dec. 02, 2025
Action Type Old Value New Value Added Description Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High) Added Reference https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html Added Reference https://issues.chromium.org/issues/448113221