CVE-2025-1923

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 134.0.6998.35

Description The issue is related to an inappropriate implementation in Permission Prompts in Google Chrome, allowing an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. The severity of this issue is classified as Low by Chromium security.

Recommendations For Google Chrome versions prior to 134.0.6998.35, update to version 134.0.6998.35 or later to resolve the issue. As a temporary workaround, consider disabling the installation of new extensions until the update is applied. Restrict access to the Permission Prompts feature to minimize the risk of exploitation. Avoid using crafted Chrome Extensions in the affected API endpoints until the issue is resolved.