PT-2025-16920 · Gerrit+1

Published 2024-10-18 · Updated 2025-06-19 · CVE-2025-1568

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Google ChromeOS version 131.0.6778.268 (Chrome browser build)
Google ChromeOS version 16063.87.0 (ChromeOS platform version)
Description An access control vulnerability in the Gerrit configuration of the chromiumos project allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects, potentially achieving Remote Code Execution and Denial of Service. The cause is insufficient access controls and misconfigured permissions in Gerrit's project.config, which allowed a registered account to edit trusted pipelines.
Recommendations The fix is a change to the Gerrit project configuration on the server side, not to ChromeOS devices. For both affected versions, tighten the chromiumos project.config so that a registered Gerrit account can no longer edit trusted pipelines, and restrict who may change the project configuration itself, to reduce the risk of exploitation until a fixed release is published. At the moment there is no information about a newer version that contains a fix for this vulnerability.
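As an added check (not code from this advisory, from ChromeOS or from Gerrit), the script below parses a Gerrit project.config and lists every permission that is granted to Gerrit's catch-all groups (Registered Users, Anonymous Users) and that is not one of the routine grants a stock installation hands out. That is the shape of misconfiguration the description and the recommendation above refer to. The sample configuration, the routine-grant allowlist and the "CI Bots" group name are assumptions made for the example; the advisory does not say which permission was at fault, so the audit covers the class of problem rather than one setting.

```python
"""Audit a Gerrit project.config for rights granted to catch-all groups.

Added example, not code from this advisory, ChromeOS or Gerrit. The sample
config is constructed; the advisory does not name the permission involved,
so the checks cover the class of misconfiguration it describes."""
import re
from collections import defaultdict

# Gerrit system groups that every account (or everyone) is a member of.
BROAD_GROUPS = {"Registered Users", "Anonymous Users"}
# (ref prefix, permission) pairs stock Gerrit grants to Registered Users that
# do not by themselves let code land. Assumption; tune per installation.
ROUTINE_GRANTS = {("refs/", "read"), ("refs/", "forgeAuthor"), ("refs/", "revert"),
                  ("refs/for/", "push"), ("refs/for/", "pushMerge")}
SECTION_RE = re.compile(r'^\[(\w+)(?:\s+"([^"]*)")?\]$')
# Permission value grammar: [deny|block] [+force] [min..max] group <name>
PERM_RE = re.compile(r'^(?:(deny|block)\s+)?(?:\+force\s+)?(?:(-?\d+)\.\.([+-]?\d+)\s+)?group\s+(.+)$')

def parse_project_config(text):
    """{(section, subsection): [(key, value), ...]}; duplicate keys are kept
    because git-config style files repeat a key for multi-valued rights."""
    entries = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group(1), m.group(2) or "")
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            entries[current].append((key.strip(), value.strip()))
    return entries

def label_max_values(entries):
    """Top score of each label defined in this file (from its value lines)."""
    top = {}
    for (section, name), items in entries.items():
        for key, value in items:
            if section == "label" and key == "value":
                score = int(value.split()[0])
                top[name] = max(score, top.get(name, score))
    return top

def audit(text):
    """(ref, permission, group) for every non-routine right held by a broad
    group. Label grants count only at the label's top score; labels inherited
    from a parent project are unknown here, so their votes are reported too."""
    entries = parse_project_config(text)
    top = label_max_values(entries)
    findings = []
    for (section, ref), items in entries.items():
        if section != "access":
            continue
        for perm, value in items:
            m = PERM_RE.match(value)
            if not m:
                continue  # e.g. exclusiveGroupPermissions = push submit
            mode, _low, high, group = m.groups()
            if mode or group not in BROAD_GROUPS:
                continue  # deny/block rule, or a curated group
            if any(ref.startswith(p) and perm == n for p, n in ROUTINE_GRANTS):
                continue
            if perm.startswith("label-") and high is not None:
                if int(high) < top.get(perm[len("label-"):], 0):
                    continue  # partial vote, not the approving score
            findings.append((ref, perm, group))
    return findings

# Constructed sample. Two grants let any registered account alter changes it
# does not own and cast the top Verified score that only CI should hold.
WEAK_CONFIG = """\
[access "refs/*"]
    read = group Anonymous Users
[access "refs/for/*"]
    addPatchSet = group Registered Users
[access "refs/for/refs/heads/*"]
    push = group Registered Users
[access "refs/heads/*"]
    create = deny group Registered Users
    push = group Project Owners
    label-Code-Review = -2..+2 group Project Owners
    label-Code-Review = -1..+1 group Registered Users
    label-Verified = -1..+1 group Registered Users
    submit = group Project Owners
    exclusiveGroupPermissions = push submit
[label "Code-Review"]
    value = -2 Do not submit
    value = +2 Looks good to me, approved
[label "Verified"]
    value = -1 Fails
    value = +1 Verified
"""
# Same file with the broad addPatchSet grant removed and Verified limited to
# the CI account group ("CI Bots" is a hypothetical group name).
HARDENED_CONFIG = (WEAK_CONFIG
                   .replace("    addPatchSet = group Registered Users\n", "")
                   .replace("label-Verified = -1..+1 group Registered Users",
                            "label-Verified = -1..+1 group CI Bots"))
```

Running `audit(WEAK_CONFIG)` reports the addPatchSet grant on refs/for/* and the top-score Verified vote on refs/heads/* for Registered Users; `audit(HARDENED_CONFIG)` reports nothing. To check a live server, feed it the project.config fetched from the project's refs/meta/config branch, and remember that rights inherited from All-Projects or another parent are not visible in a child's file and must be audited there as well.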

RCE

DoS

Code Injection

Improper Access Control

Related Identifiers

BDU:2025-05276
CVE-2025-1568

Affected Products

Gerrit
Google Chrome