The UI Performs the Wrong Action

CVE-2025-13637

Medium

4.3/10

Summary

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-449 - The UI Performs the Wrong Action

The UI performs the wrong action with respect to the user's request.

References

Advisory
Advisory

Advisory Timeline

Published Dec 02, 2025

The UI Performs the Wrong Action

CVE-2025-13637

Summary

CWE-449 - The UI Performs the Wrong Action

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS