203 vulnerabilities found for chrome_os by google
FKIE_CVE-2025-6044
Vulnerability from fkie_nvd - Published: 2025-07-07 19:15 - Updated: 2025-10-03 15:54
Severity ?
Summary
An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:16238.64.0:*:*:*:*:*:*:*",
"matchCriteriaId": "042B7440-A0C5-481F-8AE5-E2C118F7C841",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado en el componente Stylus Tools de Google ChromeOS versi\u00f3n 16238.64.0 en dispositivos Lenovo permite a un atacante f\u00edsico eludir la pantalla de bloqueo y acceder a los archivos del usuario quitando el l\u00e1piz mientras el dispositivo est\u00e1 cerrado y usando la funci\u00f3n de captura de pantalla."
}
],
"id": "CVE-2025-6044",
"lastModified": "2025-10-03T15:54:42.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-07T19:15:23.920",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Broken Link"
],
"url": "https://issues.chromium.org/issues/b/421184743"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Permissions Required"
],
"url": "https://issuetracker.google.com/issues/421184743"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-6179
Vulnerability from fkie_nvd - Published: 2025-06-16 17:15 - Updated: 2025-07-02 18:23
Severity ?
Summary
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools.
References
| Source | URL | Tags |
|---|---|---|
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issues.chromium.org/issues/b/399652193 | Broken Link |
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issuetracker.google.com/issues/399652193 | Exploit, Issue Tracking |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:16181.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF90330B-2CFA-4EC1-B521-7834F3034684",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools."
},
{
"lang": "es",
"value": "La omisi\u00f3n de permisos en la administraci\u00f3n de extensiones en Google ChromeOS 16181.27.0 en dispositivos Chrome administrados permite a un atacante local deshabilitar extensiones y acceder al modo de desarrollador, incluida la carga de extensiones adicionales mediante la explotaci\u00f3n de vulnerabilidades con las herramientas ExtHang3r y ExtPrint3r."
}
],
"id": "CVE-2025-6179",
"lastModified": "2025-07-02T18:23:31.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-16T17:15:32.053",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Broken Link"
],
"url": "https://issues.chromium.org/issues/b/399652193"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://issuetracker.google.com/issues/399652193"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-6177
Vulnerability from fkie_nvd - Published: 2025-06-16 17:15 - Updated: 2025-07-02 18:26
Severity ?
Summary
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
References
| Source | URL | Tags |
|---|---|---|
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issues.chromium.org/issues/b/382540412 | Broken Link |
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issuetracker.google.com/issues/382540412 | Issue Tracking, Mailing List |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:16063.45.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C2F47F3-3470-471B-81A4-84FDE3F7256D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP)."
},
{
"lang": "es",
"value": "La escalada de privilegios en MiniOS en Google ChromeOS (16063.45.2 y potencialmente otros) en dispositivos registrados permite a un atacante local obtener la ejecuci\u00f3n del c\u00f3digo root mediante la explotaci\u00f3n de un shell de depuraci\u00f3n (consola VT3) accesible a trav\u00e9s de combinaciones de teclas espec\u00edficas durante la entrada al modo de desarrollador y el acceso a MiniOS, incluso cuando el modo de desarrollador est\u00e1 bloqueado por la pol\u00edtica del dispositivo o Firmware Write Protect (FWMP)."
}
],
"id": "CVE-2025-6177",
"lastModified": "2025-07-02T18:26:40.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-16T17:15:31.813",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Broken Link"
],
"url": "https://issues.chromium.org/issues/b/382540412"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Issue Tracking",
"Mailing List"
],
"url": "https://issuetracker.google.com/issues/382540412"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-2509
Vulnerability from fkie_nvd - Published: 2025-05-06 01:15 - Updated: 2025-10-03 14:47
Severity ?
Summary
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.
References
| Source | URL | Tags |
|---|---|---|
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issues.chromium.org/issues/b/385851796 | Broken Link |
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issuetracker.google.com/issues/385851796 | Exploit, Issue Tracking |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:16093.57.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9D7F9B-F61E-4B84-B5C2-0420B5C17F30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to \nVM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description."
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en Virglrenderer en ChromeOS 16093.57.0 permite que una VM invitada maliciosa logre acceso a una direcci\u00f3n arbitraria dentro del proceso aislado crosvm, lo que potencialmente conduce a un escape de la VM a trav\u00e9s de datos de elementos de v\u00e9rtice manipulados que desencadenan una lectura fuera de los l\u00edmites en util_format_description."
}
],
"id": "CVE-2025-2509",
"lastModified": "2025-10-03T14:47:54.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-06T01:15:50.563",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Broken Link"
],
"url": "https://issues.chromium.org/issues/b/385851796"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://issuetracker.google.com/issues/385851796"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-1290
Vulnerability from fkie_nvd - Published: 2025-04-17 01:15 - Updated: 2025-07-11 13:55
Severity ?
Summary
A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution.
References
| Source | URL | Tags |
|---|---|---|
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issues.chromium.org/issues/b/301886931 | Broken Link |
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issuetracker.google.com/issues/301886931 | Exploit, Issue Tracking, Mailing List |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| google | chrome_os | 15474.84.0 |
| linux | linux_kernel | 5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:15474.84.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9680D00-396A-4A01-BD44-C09288E994A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.4:-:*:*:*:*:*:*",
"matchCriteriaId": "4D70AB13-37BE-4BD3-A652-10191F1642E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure \nduring an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de tipo \"Use-After-Free\" en la funci\u00f3n virtio_transport_space_update del kernel 5.4 de ChromeOS. La asignaci\u00f3n y liberaci\u00f3n simult\u00e1neas de la estructura virtio_vsock_sock durante una llamada al sistema de conexi\u00f3n AF_VSOCK pueden ocurrir antes de que un subproceso de trabajo acceda a ella, lo que resulta en un puntero colgante y la posible ejecuci\u00f3n de c\u00f3digo del kernel."
}
],
"id": "CVE-2025-1290",
"lastModified": "2025-07-11T13:55:52.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-04-17T01:15:46.317",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Broken Link"
],
"url": "https://issues.chromium.org/issues/b/301886931"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List"
],
"url": "https://issuetracker.google.com/issues/301886931"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-2073
Vulnerability from fkie_nvd - Published: 2025-04-16 23:15 - Updated: 2025-07-11 14:04
Severity ?
Summary
Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure
References
| Source | URL | Tags |
|---|---|---|
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issues.chromium.org/issues/b/380043638 | Broken Link |
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issuetracker.google.com/issues/380043638 | Exploit, Issue Tracking, Mailing List |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| google | chrome_os | 16093.103.0 |
| linux | linux_kernel | 4.19 |
| linux | linux_kernel | 5.10 |
| linux | linux_kernel | 5.15 |
| linux | linux_kernel | 6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:16093.103.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C22119D1-D241-4D36-8441-BCE27528B0B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*",
"matchCriteriaId": "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*",
"matchCriteriaId": "B29EBB93-107F-4ED6-8DE3-C2732BC659C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*",
"matchCriteriaId": "40D9C0D1-0F32-4A2B-9840-1072F5497540",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure"
},
{
"lang": "es",
"value": "La lectura fuera de los l\u00edmites en ip_set_bitmap_ip.c en las versiones del kernel de Google ChromeOS 6.1, 5.15, 5.10, 5.4, 4.19 en todos los dispositivos donde se utiliza Termina permite que un atacante con privilegios CAP_NET_ADMIN provoque corrupci\u00f3n de memoria y potencialmente escale privilegios a trav\u00e9s de comandos ipset manipulados."
}
],
"id": "CVE-2025-2073",
"lastModified": "2025-07-11T14:04:59.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-04-16T23:15:45.610",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Broken Link"
],
"url": "https://issues.chromium.org/issues/b/380043638"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List"
],
"url": "https://issuetracker.google.com/issues/380043638"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-1568
Vulnerability from fkie_nvd - Published: 2025-04-16 23:15 - Updated: 2025-07-08 18:07
Severity ?
Summary
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.
References
| Source | URL | Tags |
|---|---|---|
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issues.chromium.org/issues/b/374279912 | Broken Link |
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issuetracker.google.com/issues/374279912 | Issue Tracking, Mailing List |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:16063.87.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E46EA713-D124-442D-B0A0-93EAC016D8B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit\u0027s project.config."
},
{
"lang": "es",
"value": "Vulnerabilidad de control de acceso en la configuraci\u00f3n del proyecto Gerrit chromiumos en Google ChromeOS 131.0.6778.268 permite a un atacante con una cuenta Gerrit registrada inyectar c\u00f3digo malicioso en proyectos de ChromeOS y potencialmente lograr la ejecuci\u00f3n remota de c\u00f3digo y la denegaci\u00f3n de servicio mediante la edici\u00f3n de canalizaciones confiables mediante controles de acceso insuficientes y configuraciones err\u00f3neas en project.config de Gerrit."
}
],
"id": "CVE-2025-1568",
"lastModified": "2025-07-08T18:07:07.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-04-16T23:15:44.853",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Broken Link"
],
"url": "https://issues.chromium.org/issues/b/374279912"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Issue Tracking",
"Mailing List"
],
"url": "https://issuetracker.google.com/issues/374279912"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-1704
Vulnerability from fkie_nvd - Published: 2025-04-16 23:15 - Updated: 2025-07-11 14:15
Severity ?
Summary
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
References
| Source | URL | Tags |
|---|---|---|
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issues.chromium.org/issues/b/359915523 | Broken Link |
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issuetracker.google.com/issues/359915523 | Exploit, Issue Tracking, Mailing List |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:15823.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B52C42-EB41-440C-B651-F2E86898655F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices \nand intercept device management requests via loading components from the unencrypted stateful partition."
},
{
"lang": "es",
"value": "La modificaci\u00f3n de ComponentInstaller en ComponentInstaller en Google ChromeOS 124.0.6367.34 en Chromebooks permite a los usuarios inscritos con acceso local cancelar la inscripci\u00f3n de dispositivos e interceptar solicitudes de administraci\u00f3n de dispositivos mediante la carga de componentes desde la partici\u00f3n con estado no cifrada."
}
],
"id": "CVE-2025-1704",
"lastModified": "2025-07-11T14:15:07.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-04-16T23:15:44.937",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Broken Link"
],
"url": "https://issues.chromium.org/issues/b/359915523"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List"
],
"url": "https://issuetracker.google.com/issues/359915523"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-1566
Vulnerability from fkie_nvd - Published: 2025-04-16 23:15 - Updated: 2025-07-08 18:08
Severity ?
Summary
DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.
References
| Source | URL | Tags |
|---|---|---|
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issues.chromium.org/issues/b/342802975 | Broken Link |
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issuetracker.google.com/issues/342802975 | Issue Tracking, Mailing List |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:16002.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91F38647-41B2-4175-B80D-FF0F05BC9364",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions."
},
{
"lang": "es",
"value": "Una fuga de DNS en el sistema VPN nativo del canal de desarrollo de Google ChromeOS en ChromeOS 129.0.6668.36 permite que los observadores de la red expongan consultas DNS de texto simple debido a una falla en la tunelizaci\u00f3n adecuada del tr\u00e1fico DNS durante las transiciones de estado de VPN."
}
],
"id": "CVE-2025-1566",
"lastModified": "2025-07-08T18:08:30.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-04-16T23:15:44.767",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Broken Link"
],
"url": "https://issues.chromium.org/issues/b/342802975"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Issue Tracking",
"Mailing List"
],
"url": "https://issuetracker.google.com/issues/342802975"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1319"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-1121
Vulnerability from fkie_nvd - Published: 2025-03-07 00:15 - Updated: 2025-07-21 16:57
Severity ?
Summary
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
References
| Source | URL | Tags |
|---|---|---|
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issues.chromium.org/issues/b/336153054 | Broken Link, Issue Tracking, Vendor Advisory |
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issuetracker.google.com/issues/336153054 | Issue Tracking, Vendor Advisory |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://issuetracker.google.com/issues/336153054 | Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:15786.48.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D681E31E-CF4E-4853-9837-77B14FF419E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image."
},
{
"lang": "es",
"value": "La escalada de privilegios en la gesti\u00f3n de im\u00e1genes de instalaci\u00f3n y recuperaci\u00f3n en Google ChromeOS 123.0.6312.112 en el dispositivo permite que un atacante con acceso f\u00edsico obtenga la ejecuci\u00f3n del c\u00f3digo ra\u00edz y potencialmente cancele la inscripci\u00f3n de dispositivos administrados por la empresa a trav\u00e9s de una imagen de recuperaci\u00f3n especialmente manipulada."
}
],
"id": "CVE-2025-1121",
"lastModified": "2025-07-21T16:57:28.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-07T00:15:34.360",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Broken Link",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issues.chromium.org/issues/b/336153054"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issuetracker.google.com/issues/336153054"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issuetracker.google.com/issues/336153054"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-6044 (GCVE-0-2025-6044)
Vulnerability from cvelistv5 – Published: 2025-07-07 18:58 – Updated: 2025-07-09 18:35
Summary
An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.
Severity ?
6.1 (Medium)
CWE
- Files or Directories Accessible to External Parties
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:32:43.961731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T17:35:37.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "16238.64.0",
"status": "affected",
"version": "16238.64.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Files or Directories Accessible to External Parties",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T18:35:08.612Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/421184743"
},
{
"url": "https://issues.chromium.org/issues/b/421184743"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-6044",
"datePublished": "2025-07-07T18:58:45.456Z",
"dateReserved": "2025-06-12T21:41:59.445Z",
"dateUpdated": "2025-07-09T18:35:08.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6179 (GCVE-0-2025-6179)
Vulnerability from cvelistv5 – Published: 2025-06-16 16:56 – Updated: 2025-06-17 14:01
Title
ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits
Summary
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools.
Severity ?
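9.8 (Critical) — score from the CISA-ADP container (vector AV:N/PR:N); the summary describes a local attacker on managed devices, so the network attack vector may overstate remote exposure.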
CWE
- Permissions Bypass / Privilege Escalation
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T13:59:34.942717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:01:39.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16181.27.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Permissions Bypass / Privilege Escalation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:56:37.722Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/399652193"
},
{
"url": "https://issues.chromium.org/issues/b/399652193"
}
],
"title": "ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits"
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-6179",
"datePublished": "2025-06-16T16:56:37.722Z",
"dateReserved": "2025-06-16T16:50:44.449Z",
"dateUpdated": "2025-06-17T14:01:39.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6177 (GCVE-0-2025-6177)
Vulnerability from cvelistv5 – Published: 2025-06-16 16:43 – Updated: 2025-06-17 03:55
Title
ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked
Summary
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP). (In ChromeOS documentation FWMP usually expands to Firmware Management Parameters; the expansion above is as published in the CVE record.)
Severity ?
7.4 (High)
CWE
- Privilege Escalation
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6177",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T03:55:13.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16063.45.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:43:44.191Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/382540412"
},
{
"url": "https://issues.chromium.org/issues/b/382540412"
}
],
"title": "ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked"
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-6177",
"datePublished": "2025-06-16T16:43:44.191Z",
"dateReserved": "2025-06-16T16:30:47.684Z",
"dateUpdated": "2025-06-17T03:55:13.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2509 (GCVE-0-2025-2509)
Vulnerability from cvelistv5 – Published: 2025-05-06 00:59 – Updated: 2025-05-08 19:15
Summary
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.
Severity ?
7.8 (High)
CWE
- Memory Corruption
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-2509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T03:55:46.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "16093.57.0",
"status": "affected",
"version": "16093.57.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to \nVM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:07.601Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/385851796"
},
{
"url": "https://issues.chromium.org/issues/b/385851796"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-2509",
"datePublished": "2025-05-06T00:59:32.231Z",
"dateReserved": "2025-03-18T20:10:07.777Z",
"dateUpdated": "2025-05-08T19:15:07.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1290 (GCVE-0-2025-1290)
Vulnerability from cvelistv5 – Published: 2025-04-17 00:13 – Updated: 2025-05-08 19:15
Summary
A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it, resulting in a dangling pointer and potential kernel code execution.
Severity ?
8.1 (High)
CWE
- Use-After-Free (UAF)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:25:56.436790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T13:26:51.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "15474.84.0",
"status": "affected",
"version": "15474.84.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure \nduring an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-After-Free (UAF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:07.309Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/301886931"
},
{
"url": "https://issues.chromium.org/issues/b/301886931"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1290",
"datePublished": "2025-04-17T00:13:35.225Z",
"dateReserved": "2025-02-13T22:19:47.467Z",
"dateUpdated": "2025-05-08T19:15:07.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1568 (GCVE-0-2025-1568)
Vulnerability from cvelistv5 – Published: 2025-04-16 23:06 – Updated: 2025-05-20 14:33
Summary
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.
Severity ?
8.8 (High)
CWE
- Code execution
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T15:46:13.539057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:33:23.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "16063.87.0",
"status": "affected",
"version": "16063.87.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit\u0027s project.config."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:07.092Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/374279912"
},
{
"url": "https://issues.chromium.org/issues/b/374279912"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1568",
"datePublished": "2025-04-16T23:06:28.902Z",
"dateReserved": "2025-02-21T22:33:59.174Z",
"dateUpdated": "2025-05-20T14:33:23.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2073 (GCVE-0-2025-2073)
Vulnerability from cvelistv5 – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
Summary
Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure
Severity ?
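8.8 (High) — score from the CISA-ADP container (vector AV:N/PR:L, C:H/I:H/A:H); the summary describes a local attacker and an out-of-bounds read with possible information disclosure, so the network vector and the high integrity and availability impact may overstate the issue.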
CWE
- Out-of-Bounds Read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-2073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T15:47:09.192243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:44:40.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "Kernal version 6.1, 5.15. 5.10, 4.19\nchromeOS version 16093.103.0",
"status": "affected",
"version": "Kernal version 6.1, 5.15. 5.10, 4.19\nchromeOS version 16093.103.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:06.866Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/380043638"
},
{
"url": "https://issues.chromium.org/issues/b/380043638"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-2073",
"datePublished": "2025-04-16T23:06:28.608Z",
"dateReserved": "2025-03-06T20:11:52.646Z",
"dateUpdated": "2025-05-08T19:15:06.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1704 (GCVE-0-2025-1704)
Vulnerability from cvelistv5 – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
Summary
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
Severity ?
6.5 (Medium)
CWE
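- Use-After-Free (UAF) — label as published by the CNA (the ADP container likewise lists CWE-416); it does not match the summary, which describes loading components from the unencrypted stateful partition rather than a memory-safety bug, so the classification is probably a data-entry error and should not drive triage.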
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T15:48:23.843965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:45:03.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "15823.23.0",
"status": "affected",
"version": "15823.23.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices \nand intercept device management requests via loading components from the unencrypted stateful partition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-After-Free (UAF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:06.471Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/359915523"
},
{
"url": "https://issues.chromium.org/issues/b/359915523"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1704",
"datePublished": "2025-04-16T23:06:28.279Z",
"dateReserved": "2025-02-25T23:19:38.958Z",
"dateUpdated": "2025-05-08T19:15:06.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1566 (GCVE-0-2025-1566)
Vulnerability from cvelistv5 – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
Summary
DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.
Severity ?
7.5 (High)
CWE
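- Network Security Isolation (NSI) — CNA label. The CISA-ADP container on this record lists CWE-1319 (electromagnetic fault injection) and a vector with no confidentiality impact (C:N/I:N/A:H), neither of which fits a plaintext DNS leak; read the summary rather than the CWE or score when assessing exposure.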
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:32:48.693962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1319",
"description": "CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:45:29.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "16002.23.0",
"status": "affected",
"version": "16002.23.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Network Security Isolation (NSI)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:06.169Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/342802975"
},
{
"url": "https://issues.chromium.org/issues/b/342802975"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1566",
"datePublished": "2025-04-16T23:06:27.847Z",
"dateReserved": "2025-02-21T21:30:53.937Z",
"dateUpdated": "2025-05-08T19:15:06.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1121 (GCVE-0-2025-1121)
Vulnerability from cvelistv5 – Published: 2025-03-06 23:49 – Updated: 2025-05-08 19:15
Summary
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
Severity ?
6.8 (Medium)
CWE
- Code execution and Privilege Escalation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1121",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T19:38:04.878602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T19:39:15.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://issuetracker.google.com/issues/336153054"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "15786.48.2",
"status": "affected",
"version": "15786.48.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code execution and \nPrivilege Escalation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:05.506Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/336153054"
},
{
"url": "https://issues.chromium.org/issues/b/336153054"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1121",
"datePublished": "2025-03-06T23:49:03.219Z",
"dateReserved": "2025-02-07T18:26:21.569Z",
"dateUpdated": "2025-05-08T19:15:05.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6044 (GCVE-0-2025-6044)
Vulnerability from nvd – Published: 2025-07-07 18:58 – Updated: 2025-07-09 18:35
Summary
An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.
Severity ?
6.1 (Medium)
CWE
- Files or Directories Accessible to External Parties
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:32:43.961731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T17:35:37.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "16238.64.0",
"status": "affected",
"version": "16238.64.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Files or Directories Accessible to External Parties",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T18:35:08.612Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/421184743"
},
{
"url": "https://issues.chromium.org/issues/b/421184743"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-6044",
"datePublished": "2025-07-07T18:58:45.456Z",
"dateReserved": "2025-06-12T21:41:59.445Z",
"dateUpdated": "2025-07-09T18:35:08.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6179 (GCVE-0-2025-6179)
Vulnerability from nvd – Published: 2025-06-16 16:56 – Updated: 2025-06-17 14:01
Title
ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits
Summary
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools.
Severity ?
9.8 (Critical)
CWE
- Permissions Bypass / Privilege Escalation
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T13:59:34.942717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:01:39.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16181.27.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Permissions Bypass / Privilege Escalation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:56:37.722Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/399652193"
},
{
"url": "https://issues.chromium.org/issues/b/399652193"
}
],
"title": "ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits"
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-6179",
"datePublished": "2025-06-16T16:56:37.722Z",
"dateReserved": "2025-06-16T16:50:44.449Z",
"dateUpdated": "2025-06-17T14:01:39.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6177 (GCVE-0-2025-6177)
Vulnerability from nvd – Published: 2025-06-16 16:43 – Updated: 2025-06-17 03:55
Title
ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked
Summary
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP). (In ChromeOS documentation the abbreviation FWMP normally stands for Firmware Management Parameters.)
Severity ?
7.4 (High)
CWE
- Privilege Escalation
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6177",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T03:55:13.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16063.45.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:43:44.191Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/382540412"
},
{
"url": "https://issues.chromium.org/issues/b/382540412"
}
],
"title": "ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked"
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-6177",
"datePublished": "2025-06-16T16:43:44.191Z",
"dateReserved": "2025-06-16T16:30:47.684Z",
"dateUpdated": "2025-06-17T03:55:13.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2509 (GCVE-0-2025-2509)
Vulnerability from nvd – Published: 2025-05-06 00:59 – Updated: 2025-05-08 19:15
Summary
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.
Severity ?
7.8 (High)
CWE
- Memory Corruption
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-2509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T03:55:46.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "16093.57.0",
"status": "affected",
"version": "16093.57.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to \nVM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:07.601Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/385851796"
},
{
"url": "https://issues.chromium.org/issues/b/385851796"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-2509",
"datePublished": "2025-05-06T00:59:32.231Z",
"dateReserved": "2025-03-18T20:10:07.777Z",
"dateUpdated": "2025-05-08T19:15:07.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1290 (GCVE-0-2025-1290)
Vulnerability from nvd – Published: 2025-04-17 00:13 – Updated: 2025-05-08 19:15
Summary
A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it, resulting in a dangling pointer and potential kernel code execution.
Severity ?
8.1 (High)
CWE
- Use-After-Free (UAF)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:25:56.436790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T13:26:51.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "15474.84.0",
"status": "affected",
"version": "15474.84.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure \nduring an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-After-Free (UAF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:07.309Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/301886931"
},
{
"url": "https://issues.chromium.org/issues/b/301886931"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1290",
"datePublished": "2025-04-17T00:13:35.225Z",
"dateReserved": "2025-02-13T22:19:47.467Z",
"dateUpdated": "2025-05-08T19:15:07.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1568 (GCVE-0-2025-1568)
Vulnerability from nvd – Published: 2025-04-16 23:06 – Updated: 2025-05-20 14:33
Summary
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service by editing trusted pipelines, owing to insufficient access controls and misconfigurations in Gerrit's project.config.
Severity ?
8.8 (High)
CWE
- Code execution
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T15:46:13.539057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:33:23.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "16063.87.0",
"status": "affected",
"version": "16063.87.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit\u0027s project.config."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:07.092Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/374279912"
},
{
"url": "https://issues.chromium.org/issues/b/374279912"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1568",
"datePublished": "2025-04-16T23:06:28.902Z",
"dateReserved": "2025-02-21T22:33:59.174Z",
"dateUpdated": "2025-05-20T14:33:23.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2073 (GCVE-0-2025-2073)
Vulnerability from nvd – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
Summary
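Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure. The CISA-ADP CVSS vector in the record below (AV:N, with high integrity and availability impact) is broader than the local information-disclosure scenario described here, and the affected-versions string omits kernel 5.4; confirm exposure against the linked issue before relying on the 8.8 score.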
Severity ?
8.8 (High)
CWE
- Out-of-Bounds Read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-2073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T15:47:09.192243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:44:40.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "Kernal version 6.1, 5.15. 5.10, 4.19\nchromeOS version 16093.103.0",
"status": "affected",
"version": "Kernal version 6.1, 5.15. 5.10, 4.19\nchromeOS version 16093.103.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:06.866Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/380043638"
},
{
"url": "https://issues.chromium.org/issues/b/380043638"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-2073",
"datePublished": "2025-04-16T23:06:28.608Z",
"dateReserved": "2025-03-06T20:11:52.646Z",
"dateUpdated": "2025-05-08T19:15:06.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1704 (GCVE-0-2025-1704)
Vulnerability from nvd – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
Summary
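ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests by loading components from the unencrypted stateful partition. The Use-After-Free labels (CWE-416) and the availability-only CVSS vector (C:N/I:N/A:H) attached to this record do not match the behaviour described here, so triage on the description rather than on those fields.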
Severity ?
6.5 (Medium)
CWE
- Use-After-Free (UAF)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T15:48:23.843965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:45:03.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "15823.23.0",
"status": "affected",
"version": "15823.23.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices \nand intercept device management requests via loading components from the unencrypted stateful partition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-After-Free (UAF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:06.471Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/359915523"
},
{
"url": "https://issues.chromium.org/issues/b/359915523"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1704",
"datePublished": "2025-04-16T23:06:28.279Z",
"dateReserved": "2025-02-25T23:19:38.958Z",
"dateUpdated": "2025-05-08T19:15:06.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1566 (GCVE-0-2025-1566)
Vulnerability from nvd – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
Summary
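DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions. The attached CWE-1319 (electromagnetic fault injection) label and the availability-only CVSS vector (C:N/I:N/A:H) do not match the confidentiality leak described here, so triage on the description rather than on those fields.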
Severity ?
7.5 (High)
CWE
- Network Security Isolation (NSI)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:32:48.693962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1319",
"description": "CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:45:29.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "16002.23.0",
"status": "affected",
"version": "16002.23.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Network Security Isolation (NSI)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:06.169Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/342802975"
},
{
"url": "https://issues.chromium.org/issues/b/342802975"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1566",
"datePublished": "2025-04-16T23:06:27.847Z",
"dateReserved": "2025-02-21T21:30:53.937Z",
"dateUpdated": "2025-05-08T19:15:06.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1121 (GCVE-0-2025-1121)
Vulnerability from nvd – Published: 2025-03-06 23:49 – Updated: 2025-05-08 19:15
Summary
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
Severity ?
6.8 (Medium)
CWE
- Code execution and Privilege Escalation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1121",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T19:38:04.878602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T19:39:15.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://issuetracker.google.com/issues/336153054"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "15786.48.2",
"status": "affected",
"version": "15786.48.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code execution and \nPrivilege Escalation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:05.506Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/336153054"
},
{
"url": "https://issues.chromium.org/issues/b/336153054"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1121",
"datePublished": "2025-03-06T23:49:03.219Z",
"dateReserved": "2025-02-07T18:26:21.569Z",
"dateUpdated": "2025-05-08T19:15:05.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}