CVE-2025-1914

CVE-2025-1914 is an out-of-bounds read vulnerability in the V8 JavaScript and WebAssembly engine within Google Chrome versions prior to 134.0.6998.35. The flaw, classified under CWE-125 (Out-of-bounds Read), enables a remote attacker to perform out-of-bounds memory access through a specially crafted HTML page. Google rates this as High severity in Chromium security, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), highlighting its potential for significant impact on confidentiality, integrity, and availability.

A remote attacker can exploit this vulnerability by tricking a user into visiting a malicious website or interacting with a crafted HTML page, requiring no privileges or special access. Successful exploitation grants high-level access to sensitive memory contents, potentially allowing arbitrary code execution, data leakage, or system crashes within the browser's sandboxed context.

Mitigation is addressed in the Chrome Stable Channel update, as detailed in the official release notes at https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html, which patches the issue in version 134.0.6998.35 and later. Additional technical details are available in the Chromium issue tracker at https://issues.chromium.org/issues/397731718. Security practitioners should prioritize updating affected Chrome installations to prevent exploitation.