CVE-2025-1923
📋 TL;DR
This vulnerability is an inappropriate implementation in Chrome's permission prompts. An attacker who convinces a user to install a malicious Chrome extension can use that extension to spoof browser UI, manipulating the appearance of permission prompts so the user grants permissions they did not intend to grant. Only Chrome users who install a malicious extension are affected; no exploitation without an installed extension is described.
💻 Affected Systems
- Google Chrome prior to 134.0.6998.35
- Chromium-based browsers (Edge, Brave, Opera, Vivaldi and others), which pick up the Chromium fix on their own release schedules
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could spoof legitimate permission prompts to trick users into granting sensitive permissions (camera, microphone, location, notifications) to malicious extensions, potentially leading to data theft or surveillance.
Likely Case
Users might be tricked into granting unnecessary permissions to seemingly legitimate extensions, allowing those extensions to access more data than intended.
If Mitigated
With proper extension vetting and user education about only installing trusted extensions from official sources, impact is minimal.
🎯 Exploit Status
Exploitation requires social engineering to get the user to install a malicious extension, followed by a crafted extension that performs the UI spoofing. The vendor advisory does not report exploitation in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 134.0.6998.35 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open the Chrome menu > Help > About Google Chrome.
2. Chrome automatically checks for updates and installs version 134.0.6998.35 or later.
3. Click 'Relaunch' to restart Chrome with the update applied.
🔧 Temporary Workarounds
Disable Chrome Extensions
Temporarily disable all extensions to prevent exploitation while waiting to patch (any extension already installed could be the malicious one).
chrome://extensions/ > toggle off all extensions
Restrict Extension Installation
Configure Chrome enterprise policies to prevent users from installing extensions.
All platforms: set the ExtensionInstallBlocklist policy to * (blocks installation of every extension and disables already-installed ones), and list any vetted extension IDs in ExtensionInstallAllowlist, which takes precedence over the blocklist.
ExtensionInstallBlacklist is the deprecated name of the same policy (renamed in Chrome 86); use ExtensionInstallBlocklist on current builds.
🧯 If You Can't Patch
- Educate users to only install extensions from Chrome Web Store and verify publisher reputation
- Implement application allowlisting to prevent unauthorized extension installation
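The two controls above (blocking extension installation by policy, and allowlisting only approved extensions) can be written as one managed-policy file. The script below is an added example, not from the advisory or from Google; it assumes the Linux policy directory /etc/opt/chrome/policies/managed/ (Chromium builds read /etc/chromium/policies/managed/ instead) and that the IDs you pass in are ones your organisation has vetted. The example ID is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory or from Google): generate a Chrome
# managed-policy file that blocks every extension except an approved list.
# Assumption: Google Chrome on Linux reads policy JSON from
# /etc/opt/chrome/policies/managed/ (Chromium: /etc/chromium/policies/managed/).

# Chrome extension IDs are 32 characters from the range a-p, so anything
# else is a typo or a pasted store URL, not an ID.
is_extension_id() {
    printf '%s' "$1" | grep -Eq '^[a-p]{32}$'
}

# Print policy JSON that blocks all extensions ("*") and then allows only
# the IDs given as arguments. The allowlist takes precedence over the
# blocklist, so an empty argument list means "no extensions at all".
extension_policy_json() {
    allow=""
    for id in "$@"; do
        if ! is_extension_id "$id"; then
            echo "invalid extension id: $id" >&2
            return 1
        fi
        allow="${allow:+$allow, }\"$id\""
    done
    printf '{\n  "ExtensionInstallBlocklist": ["*"],\n  "ExtensionInstallAllowlist": [%s]\n}\n' "$allow"
}

# Write the policy into the managed-policy directory (needs root). Chrome
# loads it on next start; chrome://policy shows whether it was applied.
# POLICY_DIR can be overridden for testing or for Chromium builds.
install_extension_policy() {
    dir="${POLICY_DIR:-/etc/opt/chrome/policies/managed}"
    mkdir -p "$dir" || return 1
    extension_policy_json "$@" > "$dir/extension_lockdown.json"
}

# Usage with a constructed (made-up) ID; replace with your vetted IDs:
# install_extension_policy abcdefghijklmnopabcdefghijklmnop
```

After Chrome restarts, check chrome://policy for both policy names with status OK; an allowlist entry that fails the ID check above would silently allow nothing, which is why the script rejects it up front.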
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version: if it is below 134.0.6998.35, the browser is vulnerable and any extension a user installs could exploit it. Compare the four dotted components numerically, not as strings.
Check Version:
chrome://version/ or 'google-chrome --version' in terminal
Verify Fix Applied:
Confirm Chrome version is 134.0.6998.35 or higher via chrome://version/
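The version check above is easy to get wrong with a plain string comparison (for example "9" sorts after "134"). The script below is an added example, not from the advisory; it parses the output of google-chrome --version and compares each dotted component numerically against the fixed version. It assumes a Linux install whose binary prints a line such as "Google Chrome 134.0.6998.35"; the version strings in the usage line are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed Chrome
# build is at or above the fixed version 134.0.6998.35.
# Assumption: `google-chrome --version` prints "Google Chrome <a.b.c.d>".

FIXED_VERSION="134.0.6998.35"

# Return 0 if $1 >= $2, comparing dotted versions component by component.
# Missing trailing components count as 0, so 134.0 equals 134.0.0.0.
version_ge() {
    v1="$1" v2="$2"
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        a="${v1%%.*}"; b="${v2%%.*}"
        a="${a:-0}"; b="${b:-0}"
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        case "$v1" in *.*) v1="${v1#*.}" ;; *) v1="" ;; esac
        case "$v2" in *.*) v2="${v2#*.}" ;; *) v2="" ;; esac
    done
    return 0
}

# Pull the first dotted version number out of a "--version" style line.
parse_chrome_version() {
    printf '%s' "$1" | grep -Eo '[0-9]+(\.[0-9]+){1,3}' | head -n 1
}

# Return 0 (patched) or 1 (vulnerable) for a version line; 2 if unparseable.
chrome_is_patched() {
    v=$(parse_chrome_version "$1")
    [ -n "$v" ] || { echo "could not parse version from: $1" >&2; return 2; }
    version_ge "$v" "$FIXED_VERSION"
}

# Live check against the installed binary, if present:
# chrome_is_patched "$(google-chrome --version 2>/dev/null)" && echo patched || echo VULNERABLE
```

The same function works for Chromium builds ("Chromium 134.0.6998.35"), but for other Chromium-based browsers compare against the version in that vendor's own release notes, since their numbering and fix timing differ.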
📡 Detection & Monitoring
Log Indicators:
- Unusual extension installation events
- Multiple permission prompt events from same extension
Network Indicators:
- Extensions making unexpected network requests after permission grants
SIEM Query (illustrative; Chrome has no built-in "chrome_extension_logs" source, so substitute the source and field names your browser-management or endpoint telemetry actually emits):
source="chrome_extension_logs" AND (event="permission_granted" OR event="extension_install") | stats count by extension_id
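The detection logic above, run offline over sample log lines, as an added example that is not part of the advisory. The key=value log format and every line in SAMPLE_LOGS are constructed for the example; map the field names to whatever your telemetry emits. It aggregates install and permission-grant events per extension_id (the "stats count by extension_id" step) and then flags extensions that collected several permission grants, the burst the advisory's likely-case scenario describes.

```shell
#!/bin/sh
# Added example (not from the advisory): offline version of the SIEM query.
# Assumption: log lines are space-separated key=value pairs with at least
# event= and extension_id= fields. The lines below are constructed.

SAMPLE_LOGS='ts=2025-03-05T10:00:01Z event=extension_install extension_id=abcdefghijklmnopabcdefghijklmnop user=alice
ts=2025-03-05T10:00:07Z event=permission_granted extension_id=abcdefghijklmnopabcdefghijklmnop permission=camera user=alice
ts=2025-03-05T10:00:09Z event=permission_granted extension_id=abcdefghijklmnopabcdefghijklmnop permission=microphone user=alice
ts=2025-03-05T10:00:12Z event=permission_granted extension_id=abcdefghijklmnopabcdefghijklmnop permission=geolocation user=alice
ts=2025-03-05T11:30:00Z event=extension_install extension_id=pppppppppppppppppppppppppppppppp user=bob
ts=2025-03-05T11:45:00Z event=permission_granted extension_id=pppppppppppppppppppppppppppppppp permission=notifications user=bob
ts=2025-03-05T12:00:00Z event=page_load url=https://example.test user=bob'

# Read log lines on stdin and print one line per extension:
#   <extension_id> installs=<n> grants=<n> permissions=<comma list>
# Lines without an extension_id (ordinary browsing events) are skipped.
extension_stats() {
    awk '
    {
        ev = ""; id = ""; perm = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "event") ev = kv[2]
            else if (kv[1] == "extension_id") id = kv[2]
            else if (kv[1] == "permission") perm = kv[2]
        }
        if (id == "") next
        if (ev == "extension_install") installs[id]++
        else if (ev == "permission_granted") {
            grants[id]++
            perms[id] = (perms[id] == "" ? perm : perms[id] "," perm)
        }
        seen[id] = 1
    }
    END {
        for (id in seen)
            printf "%s installs=%d grants=%d permissions=%s\n", id, installs[id], grants[id], perms[id]
    }' | sort
}

# Print the IDs of extensions granted at least $1 permissions (default 3).
flag_extensions() {
    threshold="${1:-3}"
    extension_stats | awk -v t="$threshold" '{
        split($3, g, "=")
        if (g[2] + 0 >= t) print $1
    }'
}

# Usage: printf '%s\n' "$SAMPLE_LOGS" | flag_extensions 3
```

On the constructed sample, the first extension (three sensitive grants within seconds of install) is flagged and the second (one notifications grant) is not; tune the threshold to your environment and pair it with the network indicator above, since a spoofed prompt is only useful to the attacker once the granted capability is exfiltrated.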