CVE-2025-13630

CVE-2025-13630 is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine within Google Chrome versions prior to 143.0.7499.41. This flaw allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Classified under CWE-843, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is rated High severity by Chromium security standards.

A remote attacker can exploit this vulnerability by tricking a user into visiting a malicious website hosting the crafted HTML page, as it requires user interaction but no special privileges. Successful exploitation could lead to heap corruption, enabling high-impact outcomes such as unauthorized access to sensitive data, modification of system integrity, or disruption of availability.

Mitigation is available via the stable channel update for Google Chrome desktop, detailed in the Chrome Releases blog at https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html, which patches the issue in version 143.0.7499.41. Additional details are tracked in the Chromium issue at https://issues.chromium.org/issues/456547591. Security practitioners should urge users to update to the latest version immediately.