Multiple Microsoft Windows Vulnerabilities
March 5, 2025
Multiple IBM Products Vulnerabilities
March 5, 2025
Severity
High
Analysis Summary
CVE-2025-1923 CVSS:8.8
An improper implementation of permission prompts in Google Chrome versions before 134.0.6998.35 could allow an attacker to trick a user into installing a malicious Chrome extension, enabling UI spoofing. Through a carefully crafted extension, the attacker can manipulate the user interface and potentially deceive users about the extension's true nature or permissions. The Chromium team has classified this issue as low severity.
CVE-2025-1922 CVSS:8.8
Inappropriate implementation in Selection in Google Chrome on Android before 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
CVE-2025-1918 CVSS:8.8
An out-of-bounds read vulnerability exists in PDFium within Google Chrome versions before 134.0.6998.35. It allows a remote attacker to potentially access memory outside intended boundaries through a specially crafted PDF file. Chromium classifies this issue as medium security severity, suggesting it could pose a risk of unauthorized memory access or information disclosure.
CVE-2025-1917 CVSS:8.8
A UI spoofing vulnerability exists in Google Chrome for Android versions before 134.0.6998.35. It stems from an inappropriate implementation in the Browser UI, which enables a remote attacker to create a crafted HTML page that tricks users through visual deception. Chromium has assigned this issue medium security severity, indicating potential risks to user interface integrity and possible manipulation of browser display elements.
CVE-2025-1915 CVSS:9.8
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows before 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension.
CVE-2025-1921 CVSS:8.8
Inappropriate implementation in Media Stream in Google Chrome before 134.0.6998.35 allowed a remote malicious user to obtain information about a peripheral via a crafted HTML page.
CVE-2025-1919 CVSS:8.8
Out-of-bounds read in Media in Google Chrome before 134.0.6998.35 allowed a remote malicious user to potentially perform out-of-bounds memory access via a crafted HTML page.
CVE-2025-1916 CVSS:10
A use-after-free vulnerability exists in Profiles within Google Chrome versions before 134.0.6998.35. This flaw could enable an attacker to potentially cause heap corruption by tricking a user into installing a malicious extension and then using a specially crafted HTML page. The vulnerability is classified as medium severity by Chromium security experts.
CVE-2025-1914 CVSS:8.8
An out-of-bounds read vulnerability exists in the V8 JavaScript engine within Google Chrome versions before 134.0.6998.35. It enables a remote attacker to access memory outside intended boundaries by using a specially crafted HTML page. The Chromium security team has classified the vulnerability as high severity; it potentially allows unauthorized memory access that could compromise system security.
Impact
- Gain Access
- Information Disclosure
- Security Bypass
Indicators of Compromise
CVE
- CVE-2025-1923
- CVE-2025-1922
- CVE-2025-1918
- CVE-2025-1917
- CVE-2025-1915
- CVE-2025-1921
- CVE-2025-1919
- CVE-2025-1916
- CVE-2025-1914
Affected Vendors
- Google
Affected Products
- Google Chrome versions before 134.0.6998.35
Remediation
Refer to the Google Chrome website for patch, upgrade, or suggested workaround information.