Unexpected Sign Extension in atom-shell

CVE-2025-13632

atom-shell
chromium
chromiumembeddedframework.runtime
electron
electron-nightly
electron-prebuilt
org.webjars.npm:electron
org.webjars.npm:electron-prebuilt

Medium

5.4/10

Summary

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-194 - Unexpected Sign Extension

The software performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.

References

Advisory
Advisory

Advisory Timeline

Published Dec 02, 2025

Unexpected Sign Extension in atom-shell

CVE-2025-13632

Summary

CWE-194 - Unexpected Sign Extension

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS