
Chrome CVE-2025-13720

EUVD ID: EUVD-2025-200305
Severity: HIGH
Weakness: Incorrect Type Conversion or Cast (CWE-704)
Published: 2025-12-02 (chrome-cve-admin@google.com)
CVSS 3.1 score: 8.8 (NVD)

Severity by source

NVD (primary): 8.8 HIGH, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM (qualitative)
SUSE: HIGH (qualitative)
Red Hat: 6.5 MEDIUM (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch released: Mar 31, 2026 - 21:13 (nvd), patch available
EUVD ID Assigned: Mar 15, 2026 - 14:04 (euvd), EUVD-2025-200305
Analysis Generated: Mar 15, 2026 - 14:04 (vuln.today)
CVE Published: Dec 02, 2025 - 19:15 (nvd), HIGH 8.8

Description (CVE.org)

Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Technical Context (AI)

This vulnerability is classified as Incorrect Type Conversion or Cast (CWE-704).

Remediation (AI)

Monitor vendor advisories for patches; the CVE description gives 143.0.7499.41 as the first fixed Chrome version. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Vendor Status (Vendor)

Ubuntu

Priority: Medium
Package: chromium-browser

Release    Status        Version
jammy      not-affected  code not present
noble      not-affected  code not present
plucky     not-affected  code not present
questing   not-affected  code not present
upstream   released      -

Debian

Package: chromium

Release                        Status      Fixed Version              Urgency
bullseye (security), bullseye  vulnerable  120.0.6099.224-1~deb11u1   -
bookworm                       fixed       143.0.7499.40-1~deb12u1    -
bookworm (security)            fixed       146.0.7680.71-1~deb12u1    -
trixie                         fixed       143.0.7499.40-1~deb13u1    -
trixie (security)              fixed       146.0.7680.71-1~deb13u1    -
forky                          fixed       146.0.7680.71-1            -
sid                            fixed       146.0.7680.80-1            -
bullseye                       fixed       (unfixed)                  end-of-life
(unstable)                     fixed       143.0.7499.40-1            -

SUSE

Severity: High

Product                   Status
SUSE Package Hub 15 SP6   Fixed
openSUSE Leap 15.6        Fixed
openSUSE Tumbleweed       Fixed
SUSE Package Hub 15 SP6   Fixed
