CVE-2025-3068: 
vulnerability analysis and mitigation

CVE-2025-3068 is a security vulnerability discovered in Google Chrome on Android prior to version 135.0.7049.52. The vulnerability stems from an inappropriate implementation in Intents functionality. It was reported by Simon Rawet on March 9, 2025, and was assigned a Medium severity rating by Google Chrome's security team (Chrome Release).

The vulnerability has been assigned a CVSS 3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is related to the inappropriate implementation of Intents in the Android version of Chrome, which could potentially allow privilege escalation when a user interacts with a specially crafted HTML page (NVD).

The vulnerability allows a remote attacker to perform privilege escalation via a crafted HTML page. This could potentially lead to elevated access rights on the affected system, compromising the security of the Android device running the vulnerable version of Chrome (NVD).

The vulnerability has been patched in Chrome version 135.0.7049.52. Users are advised to update their Chrome browsers to this version or later to mitigate the risk. The fix was included as part of Chrome's April 2025 security update release (Chrome Release).