How to fix EUVD-2025-200303?

Within 24 hours: Inventory Chrome versions across the organization and identify systems running versions prior to 143.0.7499.41. Within 7 days: Deploy Chrome version 143.0.7499.41 or later through your endpoint management system; prioritize business-critical and customer-facing systems first. Within 30 days: Achieve 100% compliance with the patched Chrome version across all endpoints and verify through vulnerability scanning.

Is Race Condition affected by EUVD-2025-200303?

A race condition vulnerability in Google Chrome versions prior to 143.0.7499.41 could allow attackers to corrupt heap memory through malicious web pages, potentially leading to code execution.

EUVD-2025-200303

| CVE-2025-13721 HIGH

2025-12-02 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 15, 2026 - 14:04 euvd

EUVD-2025-200303

Analysis Generated

Mar 15, 2026 - 14:04 vuln.today

CVE Published

Dec 02, 2025 - 19:15 nvd

HIGH 7.5

Description

Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Analysis

Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Technical Context

A race condition occurs when the behavior of software depends on the timing of events, such as the order of execution of threads or processes.

Affected Products

Affected products: Google Chrome

Remediation

Use proper synchronization mechanisms (locks, mutexes, atomic operations). Implement file locking for filesystem operations. Avoid TOCTOU patterns.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

Vendor Status

Ubuntu

Priority: Medium

chromium-browser

Release	Status	Version
jammy	not-affected	code not present
noble	not-affected	code not present
plucky	not-affected	code not present
questing	not-affected	code not present
upstream	released	-

Debian

chromium

Release	Status	Fixed Version	Urgency
bullseye (security), bullseye	vulnerable	120.0.6099.224-1~deb11u1	-
bookworm	fixed	143.0.7499.40-1~deb12u1	-
bookworm (security)	fixed	146.0.7680.71-1~deb12u1	-
trixie	fixed	143.0.7499.40-1~deb13u1	-
trixie (security)	fixed	146.0.7680.71-1~deb13u1	-
forky	fixed	146.0.7680.71-1	-
sid	fixed	146.0.7680.80-1	-
bullseye	fixed	(unfixed)	end-of-life
(unstable)	fixed	143.0.7499.40-1	-

DSA-6072-1

EUVD-2025-200303 vulnerability details – vuln.today

Back

EUVD-2025-200303

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-200303

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code