Google Chromeos vulnerabilities

CVE-2025-6044 [MEDIUM] CWE-287 CVE-2025-6044: An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16 An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.

CVE-2025-6179 [CRITICAL] CWE-276 CVE-2025-6179: Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome d Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools.

CVE-2025-6177 [HIGH] CWE-269 CVE-2025-6177: Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled de Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmwa

CVE-2025-2509 [HIGH] CWE-125 CVE-2025-2509: Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve a Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.

CVE-2025-1290 [HIGH] CWE-416 CVE-2025-1290: A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function w A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution.

CVE-2025-1568 [HIGH] CWE-284 CVE-2025-1568: Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87. Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations i

CVE-2025-1566 [HIGH] CWE-1319 CVE-2025-1566: DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network o DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.

CVE-2025-2073 [HIGH] CWE-125 CVE-2025-2073: Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure

CVE-2025-1704 [MEDIUM] CWE-416 CVE-2025-1704: ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks a ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

CVE-2025-1122 [MEDIUM] CWE-787 CVE-2025-1122: Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards a Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

CVE-2025-1292 [MEDIUM] CWE-787 CVE-2025-1292: Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boar Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

CVE-2025-1121 [MEDIUM] CWE-269 CVE-2025-1121: Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.