PT-2025-16921 · Google · Chrome Os
Published: 2024-08-14 · Updated: 2025-04-17 · CVE-2025-1704
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Google ChromeOS version 124.0.6367.34
Description
The issue allows enrolled users with local access to unenroll devices and intercept device management requests by loading components from the unencrypted stateful partition. This is due to a modification in the ComponentInstaller.
Recommendations
For Google ChromeOS version 124.0.6367.34, consider restricting local access to enrolled users to minimize the risk of exploitation. As a temporary workaround, restrict the ability to load components from the unencrypted stateful partition until a patch is available.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Chrome Os