Print - 【Vulnerability Alert】Five High-Risk Security Vulnerabilities Have Been Identified in Chromium-Based Browsers. Please promptly verify and apply the necessary fixes(CVE-2025-13630)(CVE-2025-13631)(CVE-2025-13633)(CVE-2025-13638)(CVE-2025-13720)

【Vulnerability Alert】Five High-Risk Security Vulnerabilities Have Been Identified in Chromium-Based Browsers. Please promptly verify and apply the necessary fixes(CVE-2025-13630)(CVE-2025-13631)(CVE-2025-13633)(CVE-2025-13638)(CVE-2025-13720)

publish date : 2025-12-19 update date : 2025-12-19

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2025121701121515	Publication Time	2025/12/17 13:29
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/12/17 13:29
Impact Level	Medium
[Subject] 【Vulnerability Alert】Five High-Risk Security Vulnerabilities Have Been Identified in Chromium-Based Browsers. Please promptly verify and apply the necessary fixes (CVE-2025-13630) (CVE-2025-13631) (CVE-2025-13633) (CVE-2025-13638) (CVE-2025-13720)
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202512-00000131 Researchers have discovered five high-risk security vulnerabilities in Chromium-based browsers, including Google Chrome, Microsoft Edge, Vivaldi, and Brave. The vulnerability types include a Type Confusion vulnerability (CVE-2025-13630), a Privilege Escalation vulnerability (CVE-2025-13631), Use After Free vulnerabilities (CVE-2025-13633 and CVE-2025-13638), and an Incorrect Type Conversion or Cast vulnerability (CVE-2025-13720). In the most severe cases, these vulnerabilities may allow unauthenticated remote attackers to execute arbitrary code on the user’s system. Please promptly verify and apply the necessary fixes. (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] Google Chrome (Linux and Windows) versions earlier than 143.0.7499.40 (exclusive) Google Chrome (Mac) versions earlier than 143.0.7499.41 (exclusive) Microsoft Edge versions earlier than 143.0.3650.66 (exclusive) Vivaldi versions earlier than 7.7.3851.58 (exclusive) Brave versions earlier than 1.85.111 (exclusive)
[Recommended Actions] 1.Please update the Google Chrome browser to version 143.0.7499.40/41 or later: https://support.google.com/chrome/answer/95414?hl=zh-Hant 2.Please update the Microsoft Edge browser to version 143.0.3650.66 or later: https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1 3.Please update the Vivaldi browser to version 7.7.3851.58 or later: https://help.vivaldi.com/desktop/install-update/update-vivaldi/ 4.Please update the Brave browser to version 1.85.111 or later: https://community.brave.com/t/how-to-update-brave/384780
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-13630 2. https://nvd.nist.gov/vuln/detail/CVE-2025-13631 3. https://nvd.nist.gov/vuln/detail/CVE-2025-13633 4. https://nvd.nist.gov/vuln/detail/CVE-2025-13638 5. https://nvd.nist.gov/vuln/detail/CVE-2025-13720

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center