CVE-2025-13721 — Race Condition in Google Chrome

CWE-362 — Race Condition CWE-366 — Race Condition within a Thread9 documents9 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 70.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium

Timeline

PublishedDec 2

Latest updateDec 17

Description

Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/chrome143.0.7499.41 — 143.0.7499.41

▶NVDgoogle/chrome< 143.0.7499.40+1

▶Debianchromium/chromium< 143.0.7499.40-1~deb12u1+2

🔴Vulnerability Details

GHSA

GHSA-72mf-gf7v-562w: Race in v8 in Google Chrome prior to 143↗2025-12-02

▶

OSV

CVE-2025-13721: Race in v8 in Google Chrome prior to 143↗2025-12-02

▶

CVEList

CVE-2025-13721: Race in v8 in Google Chrome prior to 143↗2025-12-02

▶

📋Vendor Advisories

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-13721↗2025-12-17

▶

Microsoft

Chromium: CVE-2025-13721 Race in v8↗2025-12-09

▶

Red Hat

chromium-browser: Race in v8↗2025-12-02

▶

Debian

CVE-2025-13721: chromium - Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to ...↗2025

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws↗2025-12-09

▶