CVE-2025-1122

Name of the Vulnerable Software and Affected Versions Google ChromeOS version 122.0.6261.132

Description The issue is related to an Out-Of-Bounds Write in the TPM2 Reference Library, allowing an attacker with root access to gain persistence and bypass operating system verification. This is achieved by exploiting the NV Read functionality during the Challenge-Response process.

Recommendations For Google ChromeOS version 122.0.6261.132, consider restricting access to the NV Read functionality until a patch is available. As a temporary workaround, limit the use of the Challenge-Response process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.