CVE-2025-13634 is a vulnerability identified in the Downloads component of Google Chrome on Windows platforms prior to version 143.0.7499.41. The flaw stems from an inappropriate implementation that allows a local attacker to bypass the 'mark of the web' (MOTW) security feature. MOTW is designed to flag files downloaded from the internet as potentially unsafe, restricting their execution or access to prevent malicious activity. By exploiting this vulnerability, an attacker who has local access to the victim's machine can craft a malicious HTML page that circumvents these protections, causing the browser to treat downloaded content as if it were from a trusted source. This bypass can lead to the execution or opening of malicious files without the usual security warnings or restrictions. The attack requires the victim to interact with the crafted HTML page, but does not require elevated privileges or prior authentication. The vulnerability is classified under CWE-290 (Authentication Bypass by Spoofing), indicating a failure in properly enforcing security boundaries. The CVSS v3.1 base score is 4.4, reflecting a medium severity level due to the local attack vector, required user interaction, and limited impact on confidentiality and integrity without affecting availability. No public exploits have been reported, and no official patches or mitigation links are currently provided, emphasizing the need for vigilance and timely updates once available.

For European organizations, this vulnerability poses a moderate risk primarily to endpoint security on Windows devices running affected Chrome versions. The bypass of the mark of the web can lead to malicious files being executed or accessed without triggering security warnings, increasing the likelihood of malware infections, data leakage, or unauthorized code execution. This can compromise the confidentiality and integrity of sensitive information, especially in environments where local user access is common or where users may be tricked into opening crafted HTML content. While the vulnerability does not directly impact availability, the potential for malware deployment could lead to broader operational disruptions. Organizations with large Windows desktop deployments and extensive use of Chrome are at higher risk. The absence of known exploits reduces immediate threat but does not eliminate the risk of future exploitation. The medium severity rating suggests that while the threat is not critical, it should be addressed promptly to prevent escalation or combination with other vulnerabilities.

European organizations should implement the following specific mitigation measures: 1) Immediately update Google Chrome on all Windows endpoints to version 143.0.7499.41 or later once available to ensure the vulnerability is patched. 2) Enforce strict endpoint security policies that limit local user privileges and restrict the ability to run or open untrusted HTML content or downloads. 3) Deploy application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious file executions that bypass MOTW protections. 4) Educate users about the risks of interacting with unknown or suspicious HTML pages, emphasizing caution with downloads and local content. 5) Utilize network-level protections such as web filtering to block access to potentially malicious sites hosting crafted HTML content. 6) Regularly audit and monitor local user activity and download behaviors to detect anomalies indicative of exploitation attempts. 7) Coordinate with IT teams to ensure timely deployment of Chrome updates and verify patch status across all endpoints. These measures go beyond generic advice by focusing on local user access controls, user awareness, and proactive monitoring tailored to the specific nature of this vulnerability.