Google Chromeos

12 CVEs affecting Google Chromeos. Latest disclosed: 2025-07-07. Critical: 1, High: 6.

Top CVEs affecting Google Chromeos
CVESeverityScorePublishedSummary
CVE-2025-6179Critical9.82025-06-16Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and ac…
CVE-2025-2073High8.82025-04-16Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bo…
CVE-2025-1568High8.82025-04-16Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to in…
CVE-2025-1290High8.12025-04-17A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and…
CVE-2025-2509High7.82025-05-06Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process…
CVE-2025-1566High7.52025-04-16DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to pro…
CVE-2025-6177High7.42025-06-16Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution v…
CVE-2025-1121Medium6.82025-03-07Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain r…
CVE-2025-1292Medium6.72025-04-15Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence…
CVE-2025-1122Medium6.72025-04-15Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and…
CVE-2025-1704Medium6.52025-04-16ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices…
CVE-2025-6044Medium6.12025-07-07An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical at…