CVE-2025-13635 is a vulnerability identified in Google Chrome prior to version 143.0.7499.41, specifically within the Downloads feature implementation. The issue stems from an inappropriate implementation that allows a local attacker to craft a malicious HTML page capable of UI spoofing. UI spoofing here refers to the attacker manipulating the browser's interface elements to deceive users into believing they are interacting with legitimate browser dialogs or prompts, potentially leading to phishing or social engineering attacks. The vulnerability requires the attacker to have local access to the victim's machine and necessitates user interaction to trigger the spoofing. The CVSS score of 4.4 (medium severity) reflects the limited scope and impact: the attack vector is local, no privileges are required, but user interaction is necessary. The impact primarily affects confidentiality to a low degree and availability slightly, as the spoofed UI could mislead users into unsafe actions or disrupt normal browser operations. There are no known exploits in the wild at the time of publication, and no official patch links were provided, indicating that remediation may be pending or integrated into subsequent Chrome updates. The vulnerability is categorized under CWE-290, which relates to improper authentication or validation issues, consistent with the UI spoofing nature. Overall, this vulnerability represents a moderate risk, especially in environments where local access threats are plausible.

For European organizations, the primary risk involves deception of users through spoofed browser UI elements, potentially leading to phishing attacks or inadvertent execution of unsafe actions. While the vulnerability does not directly compromise system confidentiality or integrity at a high level, it can facilitate social engineering attacks that may lead to credential theft or malware installation. The requirement for local access and user interaction limits remote exploitation but does not eliminate risk in environments where insider threats or compromised endpoints exist. Disruption of browser availability or user trust can impact productivity and security posture. Organizations with high reliance on Chrome for critical operations, especially those handling sensitive data, may face increased risk if users are tricked by spoofed dialogs. The absence of known exploits reduces immediate threat but does not preclude future exploitation. Overall, the impact is moderate but warrants attention in sectors such as finance, government, and technology within Europe.

1. Promptly update Google Chrome to version 143.0.7499.41 or later as soon as the patch is available to eliminate the vulnerability. 2. Implement endpoint security controls to restrict local access to authorized personnel only, reducing the risk of local attackers exploiting this flaw. 3. Educate users on recognizing suspicious browser dialogs and UI elements, emphasizing caution with unexpected prompts or downloads. 4. Employ application whitelisting and browser hardening techniques to limit execution of untrusted HTML content locally. 5. Monitor endpoint logs for unusual local activity that could indicate attempts to exploit UI spoofing. 6. Use multi-factor authentication and other layered security controls to mitigate risks arising from potential credential theft via social engineering. 7. Coordinate with IT teams to ensure timely deployment of browser updates across all organizational devices, prioritizing those in sensitive roles or locations.