SB2025030615 - Fedora EPEL 10.1 update for chromium

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2025-1914)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

2) External Control of File Name or Path (CVE-ID: CVE-2025-1915)

The vulnerability allows a remote attacker to overwrite files on the system.

The vulnerability exists due to improper limitations of a pathname to a restricted directory in DevTools. A remote attacker can trick the victim into performing certain actions on the website and overwrite arbitrary files on the system.

3) Use-after-free (CVE-ID: CVE-2025-1916)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Profiles in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

4) Improperly implemented security check for standard (CVE-ID: CVE-2025-1917)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Browser UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

5) Out-of-bounds read (CVE-ID: CVE-2025-1918)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the PDFium component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

6) Out-of-bounds read (CVE-ID: CVE-2025-1919)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Media component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

7) Improperly implemented security check for standard (CVE-ID: CVE-2025-1921)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Media Stream in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

8) Improperly implemented security check for standard (CVE-ID: CVE-2025-1922)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Selection in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

9) Improperly implemented security check for standard (CVE-ID: CVE-2025-1923)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Permission Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-2ac21d5aa2