Chromium Security Update (MINDBREEZE34330)

ID: MINDBREEZE34330 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: 6.8 Medium 
Status: Final 
First published: April 28, 2025 
CVEs: CVE-2025-0444, CVE-2025-0445, CVE-2025-0995, CVE-2025-0996, CVE-2025-0997, CVE-2025-0998, CVE-2025-0999, CVE-2025-1426, CVE-2025-1006, CVE-2025-1914, CVE-2025-1916, CVE-2025-1917, CVE-2025-1918, CVE-2025-1919, CVE-2025-1921, CVE-2025-1922, CVE-2025-1923, CVE-2025-1920, CVE-2025-2135, CVE-2025-2137, CVE-2025-2476, Chromium internal issue: 396481096 

Summary 

  • chromium - Component: Use after free in V8.
  • chromium - Component: Heap buffer overflow in V8.
  • chromium - Component: Out of bounds memory access in V8.
  • chromium - Component: Out of bounds read in V8.
  • chromium - Component: Type Confusion in V8.
  • chromium - Component: Heap buffer overflow in GPU.
  • chromium - Component: Use after free in Network.
  • chromium - Component: Use after free in Navigation.
  • chromium - Component: Use after free in Profiles.
  • chromium - Component: Use after free in Skia.
  • chromium - Component: Out of bounds read in PDFium.
  • chromium - Component: Out of bounds read in Media.
  • chromium - Component: Inappropriate Implementation in Media Stream.
  • chromium - Component: Inappropriate Implementation in Selection.
  • chromium - Component: Inappropriate Implementation in Permission Prompts.
  • chromium - Component: Inappropriate Implementation in Browser UI. 

 

Hotfix Information 

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

  • Mindbreeze InSpire 25.2 Release
  • Mindbreeze InSpire Saas 25.2 Release