Chrome CVE-2025-1921

MEDIUM
Exposure of Sensitive Information Through Metadata (CWE-1230)
2025-03-05 chrome-cve-admin@google.com
6.5
CVSS 3.1 · NVD

Severity by source

NVD (primary): 6.5 MEDIUM, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
SUSE: MEDIUM (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Patch released: Apr 05, 2026 - 02:30 (nvd), patch available
Analysis generated: Mar 28, 2026 - 18:29 (vuln.today)
CVE published: Mar 05, 2025 - 04:15 (nvd), MEDIUM 6.5

Description (CVE.org)

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)

Analysis (AI)

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch available.

Technical Context (AI)

This vulnerability is classified under CWE-1230. Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium) Affected products include: Google Chrome. Version information: prior to 134.0.6998.35.

Remediation (AI)

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Vendor Status

SUSE

Severity: Medium

Product: Status
SUSE Package Hub 15 SP6: Fixed
openSUSE Leap 15.6: Fixed
openSUSE Tumbleweed: Fixed
