CVE-2025-13635: Inappropriate implementation in Google Chrome
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
AI Analysis
Technical Summary
CVE-2025-13635 is a security vulnerability identified in the Downloads component of Google Chrome versions prior to 143.0.7499.41. The issue stems from an inappropriate implementation that allows a local attacker to craft a malicious HTML page capable of performing UI spoofing. UI spoofing involves manipulating the browser's user interface elements to display misleading information, which can deceive users into believing they are interacting with legitimate browser dialogs or prompts. This can facilitate social engineering attacks, such as tricking users into downloading malicious files or revealing sensitive information. The vulnerability requires the attacker to have local access to the victim's machine, meaning remote exploitation is not feasible without prior compromise. No authentication or elevated privileges are explicitly required beyond local access. The Chromium project has classified this vulnerability as low severity, likely due to its limited scope and the requirement for local attacker presence. However, UI spoofing can still have significant implications for user trust and security, especially in environments where users may be targeted by phishing or social engineering campaigns. There are no known exploits in the wild, and no CVSS score has been assigned yet. The vulnerability was published on December 2, 2025, with the fix included in Chrome version 143.0.7499.41.
Potential Impact
For European organizations, this vulnerability primarily threatens user trust and the integrity of user interactions with the browser. While it does not directly compromise system confidentiality, integrity, or availability, successful UI spoofing can lead to indirect impacts such as credential theft, malware installation, or unauthorized data disclosure through social engineering. Organizations with employees who use affected Chrome versions on local machines are at risk of targeted phishing attacks leveraging this vulnerability. Sectors with high reliance on secure web interactions—such as finance, healthcare, and government—may face elevated risks if attackers exploit UI spoofing to bypass user caution. The requirement for local attacker presence limits the threat to scenarios involving insider threats or prior system compromise. However, given the widespread use of Chrome across Europe, the potential scale of impact is notable if attackers combine this vulnerability with other attack vectors. The absence of known exploits reduces immediate risk but does not eliminate the need for prompt remediation.
Mitigation Recommendations
The primary mitigation is to update Google Chrome to version 143.0.7499.41 or later, which contains the fix for this vulnerability. Organizations should enforce automated browser updates or centrally manage Chrome deployments to ensure timely patching. Additionally, user education is critical to mitigate the risk of UI spoofing; training users to recognize suspicious browser dialogs and to verify download prompts can reduce the likelihood of successful social engineering. Implementing endpoint security solutions that monitor for unusual local activity may help detect attempts to exploit local vulnerabilities. Restricting local access to trusted users and employing least privilege principles can further reduce the risk of local attacker exploitation. Regular security awareness campaigns focusing on phishing and spoofing threats are recommended. Finally, organizations should monitor security advisories from Google and related threat intelligence sources for updates or emerging exploit information.
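The version check that backs the recommendation above, as an added example that is not part of this advisory or of Chromium: it compares a Chrome version string against the fixed build 143.0.7499.41 component by component, so that a build such as 143.0.7499.9 is correctly treated as older than the fix (a plain string comparison would rank it as newer). The inventory dictionary is constructed sample data, and the `google-chrome --version` lookup is an assumed local query that is only attempted when the script is run directly.

```python
# Added example (not from the advisory): decide whether a Chrome version string
# is still affected by CVE-2025-13635, i.e. strictly older than 143.0.7499.41.
import re
import subprocess

FIXED_VERSION = "143.0.7499.41"  # fixed build named in the advisory


def parse_version(version):
    """Parse a dotted numeric version into a tuple of ints; reject anything else."""
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when `installed` is strictly older than the fixed build.

    Components are compared numerically, and a shorter string is padded
    with zeros so "143.0" is treated like "143.0.0.0".
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def classify_fleet(inventory, fixed=FIXED_VERSION):
    """Split a {hostname: version} inventory into vulnerable / patched / unknown.

    Hosts whose reported version cannot be parsed land in "unknown" so they
    are not silently counted as patched.
    """
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        try:
            bucket = "vulnerable" if is_vulnerable(version, fixed) else "patched"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return {bucket: sorted(hosts) for bucket, hosts in result.items()}


def installed_chrome_version():
    """Best-effort local query (assumed command names); returns None if not found.

    `google-chrome --version` prints a line like "Google Chrome 143.0.7499.41".
    """
    for exe in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        try:
            out = subprocess.run([exe, "--version"], capture_output=True,
                                 text=True, timeout=10).stdout
        except (FileNotFoundError, subprocess.TimeoutExpired):
            continue
        match = re.search(r"\d+(?:\.\d+){3}", out)
        if match:
            return match.group(0)
    return None


if __name__ == "__main__":
    # Constructed sample inventory, as an endpoint-management export might look.
    sample_inventory = {
        "ws-01": "143.0.7499.41",
        "ws-02": "143.0.7499.9",
        "ws-03": "142.0.7444.175",
        "ws-04": "144.0.7500.0",
        "ws-05": "unknown",
    }
    print(classify_fleet(sample_inventory))
    local = installed_chrome_version()
    if local:
        state = "VULNERABLE" if is_vulnerable(local) else "patched"
        print(f"local Chrome {local}: {state}")
```

Feed `classify_fleet` the version column from whatever inventory tool manages the browser fleet; anything that ends up in the "unknown" bucket deserves a manual look rather than being assumed patched.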
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Chrome
- Date Reserved: 2025-11-24T23:26:25.279Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 692f3888e0601f8fcd7a94d2
Added to database: 12/2/2025, 7:05:44 PM
Last enriched: 12/2/2025, 7:24:38 PM
Last updated: 12/5/2025, 1:43:39 AM
Related Threats
- CVE-2025-62223: CWE-451: User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) (Medium)
- CVE-2025-14052: Improper Access Controls in youlaitech youlai-mall (Medium)
- CVE-2025-13373: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Advantech iView (High)
- CVE-2025-66564: CWE-405: Asymmetric Resource Consumption (Amplification) in sigstore timestamp-authority (High)
- CVE-2025-66559: CWE-129: Improper Validation of Array Index in taikoxyz taiko-mono (High)