CVE-2025-1922: 
vulnerability analysis and mitigation

A low-severity vulnerability identified as CVE-2025-1922 was discovered in Google Chrome on Android prior to version 134.0.6998.35. The vulnerability relates to an inappropriate implementation in the Selection feature, which was reported by Alesandro Ortiz on December 14, 2024, and was awarded a $5,000 bounty (Chrome Release).

The vulnerability is classified as CWE-451 (User Interface Misrepresentation of Critical Information) and received a CVSS 3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability requires network access and user interaction, with low attack complexity and no privileges required (NVD).

The vulnerability allows a remote attacker to perform UI spoofing through a crafted HTML page, but only if they can convince a user to engage in specific UI gestures. The impact is considered low severity according to Chromium's security assessment (NVD).

The vulnerability has been patched in Chrome version 134.0.6998.35 and later versions. Users are advised to update their Chrome browsers to the latest version to mitigate this security risk. Palo Alto Networks has also incorporated these security fixes into their products with version 134.7.4.44 (Palo Alto).