CVE-2025-1121

Name of the Vulnerable Software and Affected Versions Google ChromeOS version 123.0.6312.112

Description The issue allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image. This is a result of privilege escalation in Installer and Recovery image handling.

Recommendations For Google ChromeOS version 123.0.6312.112, consider restricting physical access to devices to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using specially crafted recovery images. At the moment, there is no information about a newer version that contains a fix for this vulnerability.