CVE-2025-1704

CWE-416: Use After Free | 5 documents | 5 sources
Severity: 6.5 MEDIUM
EPSS: 0.1% (top 68.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 16
Latest update: Apr 17

Description

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | google/chromeos | 15823.23.0 | 15823.23.0
NVD | google/chrome_os | 15823.23.0

🔴 Vulnerability Details (2)

GHSA
GHSA-mhjg-qmr3-w2xc: ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 124 | 2025-04-17
CVEList
CVE-2025-1704: ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823 | 2025-04-16

📋 Vendor Advisories (1)

Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-1704 | 2024-10-29