- 50/2025
- High
Google has released updated Chrome versions 134.0.6998.35/36 for Windows, 134.0.6998.44/45 for Mac, and 134.0.6998.35 for Linux.
The addressed vulnerabilities could allow the remote attacker to crash the browser, execute arbitrary code, or obtain sensitive information via a crafted HTML page and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Google Chrome Out-of-Bounds Read Vulnerability (CVE-2025-1914):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome DevTools Path Traversal Vulnerability (CVE-2025-1915):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Information Disclosure
Vulnerabilities
- CVE-2025-1914
- CVE-2025-1915
- CVE-2025-1916
- CVE-2025-1917
- CVE-2025-1918
- CVE-2025-1919
- CVE-2025-1921
- CVE-2025-1922
- CVE-2025-1923
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.