SB2025030501 - Multiple vulnerabilities in Google Chrome

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2025-1914)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

2) External Control of File Name or Path (CVE-ID: CVE-2025-1915)

The vulnerability allows a remote attacker to overwrite files on the system.

The vulnerability exists due to improper limitations of a pathname to a restricted directory in DevTools. A remote attacker can trick the victim into performing certain actions on the website and overwrite arbitrary files on the system.

3) Use-after-free (CVE-ID: CVE-2025-1916)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Profiles in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

4) Improperly implemented security check for standard (CVE-ID: CVE-2025-1917)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Browser UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

5) Out-of-bounds read (CVE-ID: CVE-2025-1918)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the PDFium component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

6) Out-of-bounds read (CVE-ID: CVE-2025-1919)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Media component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

7) Improperly implemented security check for standard (CVE-ID: CVE-2025-1921)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Media Stream in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

8) Improperly implemented security check for standard (CVE-ID: CVE-2025-1922)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Selection in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

9) Improperly implemented security check for standard (CVE-ID: CVE-2025-1923)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Permission Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html
• https://crbug.com/397731718
• https://crbug.com/391114799
• https://crbug.com/376493203
• https://crbug.com/329476341
• https://crbug.com/388557904
• https://crbug.com/392375312
• https://crbug.com/387583503
• https://crbug.com/384033062
• https://crbug.com/382540635