Vulnerability DatabaseCVE-2025-13632

CVE-2025-13632:
vulnerability analysis and mitigation

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

5.4

Score

Published December 2, 2025

Severity MEDIUM

CNA Score 5.4

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 4.1

Exploitation Probability (EPSS) N/A

Affected packages and libraries

cef
cef-debuginfo

Sources

Chainguard
- Chainguard Has FixAdded at: Dec 12, 2025
Debian Security Tracker
- Debian 11 Severity MEDIUMNo FixAdded at: Dec 03, 2025
- Debian 12, 13, 14 Severity MEDIUMHas FixAdded at: Dec 03, 2025
Echo
- Echo Severity MEDIUMHas FixAdded at: Dec 03, 2025
Nix
- Nix Severity MEDIUMHas FixAdded at: Dec 07, 2025
VulnCheck NVD++
- Linux Severity MEDIUMHas FixAdded at: Dec 04, 2025
- Windows Severity MEDIUMHas FixAdded at: Dec 04, 2025
Wolfi
- Wolfi Has FixAdded at: Dec 12, 2025
NVD
- Linux Severity MEDIUMHas FixAdded at: Dec 07, 2025
- Windows Severity MEDIUMHas FixAdded at: Dec 07, 2025