Forwarded from National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202512-00000131

[Content Description]
Researchers have discovered five high-risk security vulnerabilities in Chromium-based browsers such as Google Chrome, Microsoft Edge, Vivaldi, and Brave. These vulnerabilities include Type Confusion (CVE-2025-13630), Privilege Escalation (CVE-2025-13631), Use After Free (CVE-2025-13633 and CVE-2025-13638), and Incorrect Type Conversion or Cast (CVE-2025-13720). The most severe vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the user's device. Please confirm and patch these vulnerabilities as soon as possible.


[Affected Platforms]
Google Chrome (Linux and Windows): Versions below 143.0.7499.40
Google Chrome (Mac): Versions below 143.0.7499.41
Microsoft Edge: Versions below 143.0.3650.66
Vivaldi: Versions below 7.7.3851.58
Brave: Versions below 1.85.111

[Recommended Measures]
I. Please update your Google Chrome browser to version 143.0.7499.40/41 or higher. https://support.google.com/chrome/answer/95414?hl=zh-Hant

II. Please update your Microsoft Edge browser to version 143.0.3650.66 or higher. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1

III. Please update Vivaldi browser to version 7.7.3851.58 or later. https://help.vivaldi.com/desktop/install-update/update-vivaldi/

IV. Please update Brave browser to version 1.85.111 or later. https://community.brave.com/t/how-to-update-brave/384780

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-13630
2. https://nvd.nist.gov/vuln/detail/CVE-2025-13631
2. https://nvd.nist.gov/vuln/detail/CVE-2025-13633
3. https://nvd.nist.gov/vuln/detail/CVE-2025-13638
4. https://nvd.nist.gov/vuln/detail/CVE-2025-13720