Google Chromeos
12 CVEs affecting Google Chromeos. Latest disclosed: 2025-07-07. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-6179 | Critical | 9.8 | 2025-06-16 | Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and ac… |
CVE-2025-2073 | High | 8.8 | 2025-04-16 | Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bo… |
CVE-2025-1568 | High | 8.8 | 2025-04-16 | Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to in… |
CVE-2025-1290 | High | 8.1 | 2025-04-17 | A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and… |
CVE-2025-2509 | High | 7.8 | 2025-05-06 | Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process… |
CVE-2025-1566 | High | 7.5 | 2025-04-16 | DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to pro… |
CVE-2025-6177 | High | 7.4 | 2025-06-16 | Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution v… |
CVE-2025-1121 | Medium | 6.8 | 2025-03-07 | Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain r… |
CVE-2025-1292 | Medium | 6.7 | 2025-04-15 | Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence… |
CVE-2025-1122 | Medium | 6.7 | 2025-04-15 | Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and… |
CVE-2025-1704 | Medium | 6.5 | 2025-04-16 | ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices… |
CVE-2025-6044 | Medium | 6.1 | 2025-07-07 | An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical at… |