Use After Free in Google Chrome_os
CVE-2025-1704
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencr…
Vulnerability class: Use-After-Free
EPSS: 0.002 (9.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Google Chrome_os — versions 15823.23.0
- Google Chromeos — versions 15823.23.0
Weakness classification (CWE)
References
- 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f (Exploit, Mailing List, Issue Tracking)
- 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f (Broken Link)
Frequently asked questions
- What is CVE-2025-1704?
- CVE-2025-1704 is a medium-severity vulnerability in Google Chrome_os, classified under Use After Free. CVSS score: 6.5/10. Published 2025-04-16.
- How severe is CVE-2025-1704?
- Medium severity. CVSS v3 base score is 6.5 out of 10.