5.4 CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)
https://nvd.nist.gov/vuln/detail/CVE-2025-13632
Categories
CWE-194 : Unexpected Sign Extension
The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses. Avoid using signed variables if you don't need to represent negative values. When negative values are needed, perform validation after you save those values to larger data types, or before passing them to functions that are expecting unsigned values. Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125) Sign extension error produces -1 value that is treated as a command separator, enabling OS command injection. Product uses "char" type for input character. When char is implemented as a signed type, ASCII value 0xFF (255), a sign extension produces a -1 value that is treated as a program-specific separator value, effectively disabling a length check and leading to a buffer overflow. This is also a multiple interpretation error. chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow. chain: signedness error allows bypass of a length check; later sign extension makes exploitation easier. Sign extension when manipulating Pascal-style strings leads to integer overflow and improper memory copy.
References
chrome-cve-admin@google.com
| https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-deskt... Release Notes Vendor Advisory |
| https://issues.chromium.org/issues/439058242 Issue Tracking Permissions Required |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| AND | ||
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | < 143.0.7499.40 | |
| Running on/with | ||
| cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | ||
| Configuration 2 | ||
| AND | ||
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | < 143.0.7499.40 | |
| Running on/with | ||
| cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | ||
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
