CVE-2025-1918: 
vulnerability analysis and mitigation

Out of bounds read vulnerability (CVE-2025-1918) was discovered in PDFium component of Google Chrome versions prior to 134.0.6998.35. The vulnerability was reported by researcher 'asnine' on January 9, 2025, and was publicly disclosed on March 4, 2025. This security flaw affects the PDF rendering engine (PDFium) in Google Chrome browsers across Windows, Mac, and Linux platforms (Chrome Release).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) issue in the PDFium component. It received a CVSS 3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Google has categorized this vulnerability with Medium severity in their internal assessment (NVD, Palo Alto).

The vulnerability allows remote attackers to potentially perform out of bounds memory access through a specially crafted PDF file. This could lead to unauthorized access to memory contents, potentially exposing sensitive information or causing application crashes (NVD).

Google has addressed this vulnerability in Chrome version 134.0.6998.35 and later. Users are advised to update their Chrome browsers to the latest version. No alternative workarounds have been provided (Chrome Release, Palo Alto).