CVE-2025-13634: Inappropriate implementation in Google Chrome
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)
AI Analysis
Technical Summary
CVE-2025-13634 is a security vulnerability identified in Google Chrome on Windows platforms prior to version 143.0.7499.41. The flaw arises from an inappropriate implementation in the Downloads component of Chrome, specifically related to the handling of the mark of the web (MOTW) security feature. MOTW is designed to tag files downloaded from the internet with metadata that enforces security restrictions when those files are opened, such as triggering warnings or sandboxing. This vulnerability allows a local attacker—someone with access to the victim's machine—to craft a malicious HTML page that bypasses the MOTW protections. By doing so, the attacker can cause downloaded files to be treated as if they were from a trusted source, potentially enabling the execution of malicious code or scripts without the usual security prompts or restrictions. The vulnerability does not require remote exploitation or user interaction beyond local access, which limits the attack surface but still poses a risk in environments where local access can be obtained or where users might be tricked into opening crafted HTML files. No public exploits have been reported, and Google has not assigned a CVSS score but classified the severity as medium. The issue was publicly disclosed on December 2, 2025, and fixed in Chrome version 143.0.7499.41. The lack of a CVSS score necessitates an independent severity assessment based on the impact on confidentiality, integrity, and availability, ease of exploitation, and scope of affected systems.
Potential Impact
For European organizations, this vulnerability could lead to the execution of malicious code with fewer security restrictions if an attacker gains local access or convinces a user to open a crafted HTML file. This could compromise sensitive data confidentiality and system integrity, especially in environments with shared or less controlled access to endpoints. The bypass of MOTW may facilitate the spread of malware or unauthorized scripts, increasing the risk of data breaches or system compromise. Organizations subject to strict data protection regulations such as GDPR could face compliance risks if this vulnerability is exploited. The impact is more pronounced in sectors with high security requirements, including finance, healthcare, and government. However, since exploitation requires local access, remote attacks are less likely, reducing the overall threat level but not eliminating it. The absence of known exploits in the wild suggests that immediate risk is moderate but warrants prompt remediation to prevent future exploitation.
Mitigation Recommendations
The primary mitigation is to update Google Chrome on Windows systems to version 143.0.7499.41 or later, where the vulnerability is patched. Organizations should enforce strict update policies to ensure timely deployment of security patches. Additionally, restrict local access to trusted users only, employing strong endpoint security controls such as user account management, least privilege principles, and endpoint detection and response (EDR) solutions. Educate users about the risks of opening untrusted HTML files and implement application whitelisting to prevent execution of unauthorized scripts or files. Network segmentation and monitoring can help detect suspicious local activity. For environments with high security needs, consider disabling or restricting the use of local HTML files or downloads from untrusted sources. Regularly audit and review local user permissions and access controls to minimize the risk of local exploitation.
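A host-level check for the two things this advisory turns on, added here as an example and not taken from the original advisory: whether the installed Chrome is older than the fixed version 143.0.7499.41, and which risky file types under the user's Downloads folder carry no `Zone.Identifier` alternate data stream (where Windows stores MOTW). The install paths, the scanned folder, the extension list and Windows PowerShell 5.1 or later are assumptions.

```powershell
# Added example: audit one Windows host for CVE-2025-13634 exposure.
# The fixed version comes from the advisory; the install paths and the
# scanned folder are assumptions about a default Chrome install and profile.
$FixedVersion = [version]'143.0.7499.41'

function Get-ChromeVersion {
    # Default per-machine and per-user install locations (assumed).
    $candidates = @(
        "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
        "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            $v = (Get-Item -LiteralPath $path).VersionInfo.ProductVersion
            [pscustomobject]@{ Path = $path; Version = [version]$v }
        }
    }
}

function Get-FilesMissingMotw {
    param(
        [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'),
        # Extension list is illustrative; tune it to local policy.
        [string[]]$Extensions = @('.exe', '.msi', '.js', '.vbs', '.lnk', '.hta', '.iso', '.zip', '.docm')
    )
    Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            # MOTW lives in the NTFS alternate data stream "Zone.Identifier".
            $ads = Get-Item -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
            if (-not $ads) {
                [pscustomobject]@{ File = $_.FullName; Created = $_.CreationTime }
            }
        }
}

$installs = @(Get-ChromeVersion)
if (-not $installs) { Write-Output 'Chrome not found in default locations.' }
foreach ($i in $installs) {
    $state = if ($i.Version -lt $FixedVersion) { 'VULNERABLE' } else { 'patched' }
    Write-Output ("{0}  {1}  {2}" -f $state, $i.Version, $i.Path)
}
Get-FilesMissingMotw | Sort-Object Created -Descending | Format-Table -AutoSize
```

A file without the stream is a triage signal, not proof of exploitation: files created locally, extracted by tools that do not propagate MOTW, or stored on non-NTFS volumes also lack it.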
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Chrome
- Date Reserved: 2025-11-24T23:26:24.922Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 692f3888e0601f8fcd7a94ce
Added to database: 12/2/2025, 7:05:44 PM
Last enriched: 12/2/2025, 7:24:56 PM
Last updated: 12/5/2025, 1:39:05 AM
Related Threats
- CVE-2025-62223: CWE-451: User Interface (UI) Misrepresentation of Critical Information in Microsoft Microsoft Edge (Chromium-based) (Medium)
- CVE-2025-14052: Improper Access Controls in youlaitech youlai-mall (Medium)
- CVE-2025-13373: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Advantech iView (High)
- CVE-2025-66564: CWE-405: Asymmetric Resource Consumption (Amplification) in sigstore timestamp-authority (High)
- CVE-2025-66559: CWE-129: Improper Validation of Array Index in taikoxyz taiko-mono (High)