PT-2025-25573 · Google · Chrome Os

Published 2024-12-06 · Updated 2025-06-16 · CVE-2025-6177

CVSS v3.1: 7.4 (High)

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Google ChromeOS version 16063.45.2 and potentially others

Description

The issue allows a local attacker to gain root code execution by exploiting a debug shell accessible through specific key combinations during developer mode entry and MiniOS access. This can occur even when developer mode is blocked by device policy or Firmware Write Protect.

Recommendations

For version 16063.45.2 and potentially others, as a temporary workaround, consider disabling access to the debug shell until a patch is available. Restrict access to the MiniOS to minimize the risk of exploitation. Avoid using the specific key combinations that allow access to the debug shell during developer mode entry.

Fix

LPE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2025-09935
CVE-2025-6177

Affected Products

Chrome Os