CVE-2025-13720 — Incorrect Type Conversion or Cast in Google Chrome

CWE-704 — Incorrect Type Conversion or Cast CWE-843 — Type Confusion9 documents9 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 64.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium

Timeline

PublishedDec 2

Latest updateJan 5

Description

Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/chrome143.0.7499.41 — 143.0.7499.41

▶NVDgoogle/chrome< 143.0.7499.40+1

▶Debianchromium/chromium< 143.0.7499.40-1~deb12u1+2

🔴Vulnerability Details

OSV

CVE-2025-13720: Bad cast in Loader in Google Chrome prior to 143↗2025-12-02

▶

GHSA

GHSA-p4q8-mx85-6fc8: Bad cast in Loader in Google Chrome prior to 143↗2025-12-02

▶

CVEList

CVE-2025-13720: Bad cast in Loader in Google Chrome prior to 143↗2025-12-02

▶

📋Vendor Advisories

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2025-13720↗2026-01-05

▶

Microsoft

Chromium: CVE-2025-13720 Bad cast in Loader↗2025-12-09

▶

Red Hat

chromium-browser: Bad cast in Loader↗2025-12-02

▶

Debian

CVE-2025-13720: chromium - Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote atta...↗2025

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws↗2025-12-09

▶