PT-2025-9743 · Google+4 · Google Chrome+4

Khalil Zhani

Published

2025-03-04

Updated

2025-04-03

CVE-2025-1923

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 134.0.6998.35

Description The issue is related to an inappropriate implementation in Permission Prompts in Google Chrome, allowing an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. The severity of this issue is classified as Low by Chromium security.

Recommendations For Google Chrome versions prior to 134.0.6998.35, update to version 134.0.6998.35 or later to resolve the issue. As a temporary workaround, consider disabling the installation of new extensions until the update is applied. Restrict access to the Permission Prompts feature to minimize the risk of exploitation. Avoid using crafted Chrome Extensions in the affected API endpoints until the issue is resolved.

Fix

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021

Related Identifiers

ALT-PU-2025-4164

ALT-PU-2025-4366

BDU:2025-02671

CVE-2025-1923

DSA-5875-1

MGASA-2025-0091

OPENSUSE-SU-2025:0084-1

OPENSUSE-SU-2025:14854-1

Affected Products

Alt Linux

Astra Linux

Debian

Google Chrome

Red Os

PT-2025-9743 · Google+4 · Google Chrome+4

CVE-2025-1923

Weakness Enumeration

Related Identifiers

Affected Products

References · 68