How to fix EUVD-2025-200312?

Within 24 hours: Issue security alert to all users advising against visiting untrusted websites and enable Chrome's Enhanced Safe Browsing mode; audit user populations with high-risk Chrome exposure. Within 7 days: Deploy network-level protections including WebRTC filtering at the firewall/proxy and consider disabling WebRTC in managed Chrome deployments via Group Policy; establish monitoring for exploitation attempts. Within 30 days: Prepare rapid deployment procedures for the patch when released; evaluate transition to alternative browsers for high-risk user groups if patch availability is delayed beyond 30 days.

Is Ubuntu affected by EUVD-2025-200312?

A high-severity vulnerability in Google Chrome's WebRTC implementation (CVE-2025-13639) allows remote attackers to read and write arbitrary data through malicious web pages, potentially exposing sensitive user information and enabling data manipulation.

EUVD-2025-200312

| CVE-2025-13639 HIGH

2025-12-02 [email protected]

8.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 15, 2026 - 14:04 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 14:04 euvd

EUVD-2025-200312

CVE Published

Dec 02, 2025 - 19:15 nvd

HIGH 8.1

Description

Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

Analysis

Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

Technical Context

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.

Affected Products

Affected products: Google Chrome

Remediation

Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +40

POC: 0

Vendor Status

Ubuntu

Priority: Medium

chromium-browser

Release	Status	Version
jammy	not-affected	code not present
noble	not-affected	code not present
plucky	not-affected	code not present
questing	not-affected	code not present
upstream	released	-

Debian

chromium

Release	Status	Fixed Version	Urgency
bullseye (security), bullseye	vulnerable	120.0.6099.224-1~deb11u1	-
bookworm	fixed	143.0.7499.40-1~deb12u1	-
bookworm (security)	fixed	146.0.7680.71-1~deb12u1	-
trixie	fixed	143.0.7499.40-1~deb13u1	-
trixie (security)	fixed	146.0.7680.71-1~deb13u1	-
forky	fixed	146.0.7680.71-1	-
sid	fixed	146.0.7680.80-1	-
bullseye	fixed	(unfixed)	end-of-life
(unstable)	fixed	143.0.7499.40-1	-

DSA-6072-1

EUVD-2025-200312 vulnerability details – vuln.today

Back

EUVD-2025-200312

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-200312

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code