

Multiple Microsoft Windows Vulnerabilities
March 5, 2025
Multiple IBM Products Vulnerabilities
March 5, 2025
Severity
High
Analysis Summary
CVE-2025-1923 CVSS:8.8
A vulnerability in Google Chrome versions before 134.0.6998.35 stems from an inappropriate implementation of permission prompts. An attacker could potentially trick a user into installing a malicious Chrome extension, enabling UI spoofing. This security issue has been classified as low severity by the Chromium team. The vulnerability allows an attacker to manipulate the user interface through a carefully crafted extension, potentially deceiving users about the extension's true nature or permissions.
CVE-2025-1922 CVSS:8.8
Inappropriate implementation in Selection in Google Chrome on Android before 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
CVE-2025-1918 CVSS:8.8
An out of bounds read vulnerability exists in PDFium within Google Chrome versions before 134.0.6998.35. The vulnerability allows a remote attacker to potentially access memory outside intended boundaries through a specially crafted PDF file. This issue is classified with a medium security severity by Chromium, suggesting it could pose a risk of unauthorized memory access or information disclosure.
CVE-2025-1917 CVSS:8.8
A UI spoofing vulnerability exists in Google Chrome for Android versions before 134.0.6998.35. This issue stems from an inappropriate implementation in the Browser UI, which enables a remote attacker to create a crafted HTML page that can trick users through visual deception. The vulnerability has been assigned a medium security severity by Chromium, indicating potential risks to user interface integrity and potential manipulation of browser display elements.
CVE-2025-1915 CVSS:9.8
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows before 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension.
CVE-2025-1921 CVSS:8.8
Inappropriate implementation in Media Stream in Google Chrome before 134.0.6998.35 allowed a remote malicious user to obtain information about a peripheral via a crafted HTML page.
CVE-2025-1919 CVSS:8.8
Out of bounds read in Media in Google Chrome before 134.0.6998.35 allowed a remote malicious user to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2025-1916 CVSS:10
A use after free vulnerability exists in Profiles within Google Chrome versions before 134.0.6998.35. This security flaw could enable an attacker to potentially cause heap corruption by tricking a user into installing a malicious extension and then using a specially crafted HTML page. The vulnerability is classified as medium severity by Chromium security experts.
CVE-2025-1914 CVSS:8.8
An out of bounds read vulnerability exists in the V8 JavaScript engine within Google Chrome versions before 134.0.6998.35. This security issue enables a remote attacker to access memory outside intended boundaries by using a specially crafted HTML page. The vulnerability has been classified with a high severity rating by the Chromium security team, potentially allowing unauthorized memory access that could compromise system security.
Impact
- Gain Access
- Information Disclosure
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-1923
CVE-2025-1922
CVE-2025-1918
CVE-2025-1917
CVE-2025-1915
CVE-2025-1921
CVE-2025-1919
CVE-2025-1916
CVE-2025-1914
Affected Vendors
Affected Products
- Google Chrome 134.0.6998.35
Remediation
Refer to the Google Chrome website for patch, upgrade, or suggested workaround information.