Search

Find a vulnerability

Search criteria

    134 vulnerabilities found for chrome_os by google

    CVE-2025-6044 (GCVE-0-2025-6044)

    Vulnerability from nvd – Published: 2025-07-07 18:58 – Updated: 2025-07-09 18:35
    VLAI
    Summary
    An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Files or Directories Accessible to External Parties
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16238.64.0 , < 16238.64.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:32:43.961731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T17:35:37.837Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "16238.64.0",
                  "status": "affected",
                  "version": "16238.64.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Files or Directories Accessible to External Parties",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-09T18:35:08.612Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/421184743"
            },
            {
              "url": "https://issues.chromium.org/issues/b/421184743"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-6044",
        "datePublished": "2025-07-07T18:58:45.456Z",
        "dateReserved": "2025-06-12T21:41:59.445Z",
        "dateUpdated": "2025-07-09T18:35:08.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6179 (GCVE-0-2025-6179)

    Vulnerability from nvd – Published: 2025-06-16 16:56 – Updated: 2025-06-17 14:01
    VLAI
    Title
    ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits
    Summary
    Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Permissions Bypass / Privilege Escalation
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16181.27.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6179",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T13:59:34.942717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T14:01:39.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "status": "affected",
                  "version": "16181.27.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Permissions Bypass in Extension Management in Google ChromeOS         16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Permissions Bypass / Privilege Escalation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T16:56:37.722Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/399652193"
            },
            {
              "url": "https://issues.chromium.org/issues/b/399652193"
            }
          ],
          "title": "ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-6179",
        "datePublished": "2025-06-16T16:56:37.722Z",
        "dateReserved": "2025-06-16T16:50:44.449Z",
        "dateUpdated": "2025-06-17T14:01:39.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6177 (GCVE-0-2025-6177)

    Vulnerability from nvd – Published: 2025-06-16 16:43 – Updated: 2026-02-26 17:50
    VLAI
    Title
    ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked
    Summary
    Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Privilege Escalation
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16063.45.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6177",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T03:55:14.027491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:35.152Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "status": "affected",
                  "version": "16063.45.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T16:43:44.191Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/382540412"
            },
            {
              "url": "https://issues.chromium.org/issues/b/382540412"
            }
          ],
          "title": "ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-6177",
        "datePublished": "2025-06-16T16:43:44.191Z",
        "dateReserved": "2025-06-16T16:30:47.684Z",
        "dateUpdated": "2026-02-26T17:50:35.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2509 (GCVE-0-2025-2509)

    Vulnerability from nvd – Published: 2025-05-06 00:59 – Updated: 2026-02-26 18:29
    VLAI
    Summary
    Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Memory Corruption
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16093.57.0 , < 16093.57.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T03:55:47.322940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:29:03.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "16093.57.0",
                  "status": "affected",
                  "version": "16093.57.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-Bounds Read in Virglrenderer in ChromeOS  16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to \nVM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Memory Corruption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:07.601Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/385851796"
            },
            {
              "url": "https://issues.chromium.org/issues/b/385851796"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-2509",
        "datePublished": "2025-05-06T00:59:32.231Z",
        "dateReserved": "2025-03-18T20:10:07.777Z",
        "dateUpdated": "2026-02-26T18:29:03.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1290 (GCVE-0-2025-1290)

    Vulnerability from nvd – Published: 2025-04-17 00:13 – Updated: 2025-05-08 19:15
    VLAI
    Summary
    A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use-After-Free (UAF)
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 15474.84.0 , < 15474.84.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1290",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T13:25:56.436790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T13:26:51.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "15474.84.0",
                  "status": "affected",
                  "version": "15474.84.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure \nduring an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-After-Free (UAF)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:07.309Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/301886931"
            },
            {
              "url": "https://issues.chromium.org/issues/b/301886931"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-1290",
        "datePublished": "2025-04-17T00:13:35.225Z",
        "dateReserved": "2025-02-13T22:19:47.467Z",
        "dateUpdated": "2025-05-08T19:15:07.309Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2073 (GCVE-0-2025-2073)

    Vulnerability from nvd – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
    VLAI
    Summary
    Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-Bounds Read
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: Kernal version 6.1, 5.15. 5.10, 4.19 chromeOS version 16093.103.0 , < Kernal version 6.1, 5.15. 5.10, 4.19 chromeOS version 16093.103.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2073",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T15:47:09.192243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T19:44:40.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "Kernal version 6.1, 5.15. 5.10, 4.19\nchromeOS version 16093.103.0",
                  "status": "affected",
                  "version": "Kernal version 6.1, 5.15. 5.10, 4.19\nchromeOS version 16093.103.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-Bounds Read",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:06.866Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/380043638"
            },
            {
              "url": "https://issues.chromium.org/issues/b/380043638"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-2073",
        "datePublished": "2025-04-16T23:06:28.608Z",
        "dateReserved": "2025-03-06T20:11:52.646Z",
        "dateUpdated": "2025-05-08T19:15:06.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1704 (GCVE-0-2025-1704)

    Vulnerability from nvd – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
    VLAI
    Summary
    ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Use-After-Free (UAF)
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 15823.23.0 , < 15823.23.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1704",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T15:48:23.843965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T19:45:03.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "15823.23.0",
                  "status": "affected",
                  "version": "15823.23.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices \nand intercept device management requests via loading components from the unencrypted stateful partition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-After-Free (UAF)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:06.471Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/359915523"
            },
            {
              "url": "https://issues.chromium.org/issues/b/359915523"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-1704",
        "datePublished": "2025-04-16T23:06:28.279Z",
        "dateReserved": "2025-02-25T23:19:38.958Z",
        "dateUpdated": "2025-05-08T19:15:06.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1568 (GCVE-0-2025-1568)

    Vulnerability from nvd – Published: 2025-04-16 23:06 – Updated: 2025-05-20 14:33
    VLAI
    Summary
    Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Code execution
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16063.87.0 , < 16063.87.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1568",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T15:46:13.539057Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T14:33:23.211Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "16063.87.0",
                  "status": "affected",
                  "version": "16063.87.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit\u0027s project.config."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:07.092Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/374279912"
            },
            {
              "url": "https://issues.chromium.org/issues/b/374279912"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-1568",
        "datePublished": "2025-04-16T23:06:28.902Z",
        "dateReserved": "2025-02-21T22:33:59.174Z",
        "dateUpdated": "2025-05-20T14:33:23.211Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1566 (GCVE-0-2025-1566)

    Vulnerability from nvd – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
    VLAI
    Summary
    DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Network Security Isolation (NSI)
    • CWE-1319 - Improper Protection against Electromagnetic Fault Injection (EM-FI)
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16002.23.0 , < 16002.23.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1566",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T13:32:48.693962Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1319",
                    "description": "CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T19:45:29.043Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "16002.23.0",
                  "status": "affected",
                  "version": "16002.23.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Network Security Isolation (NSI)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:06.169Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/342802975"
            },
            {
              "url": "https://issues.chromium.org/issues/b/342802975"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-1566",
        "datePublished": "2025-04-16T23:06:27.847Z",
        "dateReserved": "2025-02-21T21:30:53.937Z",
        "dateUpdated": "2025-05-08T19:15:06.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1121 (GCVE-0-2025-1121)

    Vulnerability from nvd – Published: 2025-03-06 23:49 – Updated: 2025-05-08 19:15
    VLAI
    Summary
    Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Code execution and Privilege Escalation
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 15786.48.2 , < 15786.48.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1121",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-07T19:38:04.878602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-07T19:39:15.501Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://issuetracker.google.com/issues/336153054"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "15786.48.2",
                  "status": "affected",
                  "version": "15786.48.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code execution and \nPrivilege Escalation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:05.506Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/336153054"
            },
            {
              "url": "https://issues.chromium.org/issues/b/336153054"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-1121",
        "datePublished": "2025-03-06T23:49:03.219Z",
        "dateReserved": "2025-02-07T18:26:21.569Z",
        "dateUpdated": "2025-05-08T19:15:05.506Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2743 (GCVE-0-2022-2743)

    Vulnerability from nvd – Published: 2023-01-02 00:00 – Updated: 2024-10-22 15:39
    VLAI
    Summary
    Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Integer overflow
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: unspecified , < 104.0.5112.79 (custom)
    Create a notification for this product.
    google chrome Affected: 0 , < 104.0.5112.79 (custom)
        cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:04.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://crbug.com/1316960"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "chrome",
                "vendor": "google",
                "versions": [
                  {
                    "lessThan": "104.0.5112.79",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2743",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T15:37:08.250805Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-22T15:39:29.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "104.0.5112.79",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-20T00:00:00.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html"
            },
            {
              "url": "https://crbug.com/1316960"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2022-2743",
        "datePublished": "2023-01-02T00:00:00.000Z",
        "dateReserved": "2022-08-09T00:00:00.000Z",
        "dateUpdated": "2024-10-22T15:39:29.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3180 (GCVE-0-2014-3180)

    Vulnerability from nvd – Published: 2019-11-06 19:22 – Updated: 2024-08-06 10:35 Disputed
    VLAI
    Summary
    In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable
    Severity
    No CVSS data available.
    CWE
    • out-of-bounds read
    Assigner
    References
    Impacted products
    Vendor Product Version
    Linux kernel Affected: before 3.17
    Create a notification for this product.
    Date Public
    2014-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:35:57.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=408827"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lkml.org/lkml/2014/9/7/29"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 3.17"
                }
              ]
            }
          ],
          "datePublic": "2014-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "out-of-bounds read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T19:22:03.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=408827"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lkml.org/lkml/2014/9/7/29"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2014-3180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kernel",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 3.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Linux"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "out-of-bounds read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=408827",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=408827"
                },
                {
                  "name": "https://lkml.org/lkml/2014/9/7/29",
                  "refsource": "MISC",
                  "url": "https://lkml.org/lkml/2014/9/7/29"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2014-3180",
        "datePublished": "2019-11-06T19:22:03.000Z",
        "dateReserved": "2014-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:35:57.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16508 (GCVE-0-2019-16508)

    Vulnerability from nvd – Published: 2019-10-01 11:07 – Updated: 2024-08-05 01:17
    VLAI
    Summary
    The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:17:39.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-01T11:07:51.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-16508",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-16508",
        "datePublished": "2019-10-01T11:07:51.000Z",
        "dateReserved": "2019-09-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:17:39.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5179 (GCVE-0-2016-5179)

    Vulnerability from nvd – Published: 2018-03-06 22:00 – Updated: 2024-08-06 00:53
    VLAI
    Summary
    Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-09-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:53:48.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=649039"
              },
              {
                "name": "93260",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93260"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2016/09/stable-channel-updates-for-chrome-os.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-06T21:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=649039"
            },
            {
              "name": "93260",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93260"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://chromereleases.googleblog.com/2016/09/stable-channel-updates-for-chrome-os.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2016-5179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=649039",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=649039"
                },
                {
                  "name": "93260",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93260"
                },
                {
                  "name": "https://chromereleases.googleblog.com/2016/09/stable-channel-updates-for-chrome-os.html",
                  "refsource": "CONFIRM",
                  "url": "https://chromereleases.googleblog.com/2016/09/stable-channel-updates-for-chrome-os.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2016-5179",
        "datePublished": "2018-03-06T22:00:00.000Z",
        "dateReserved": "2016-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:53:48.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15400 (GCVE-0-2017-15400)

    Vulnerability from nvd – Published: 2018-02-07 23:00 – Updated: 2024-08-05 19:57
    VLAI
    Summary
    Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.
    Severity
    No CVSS data available.
    CWE
    • Script injection
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4243 vendor-advisoryx_refsource_DEBIAN
    https://chromereleases.googleblog.com/2017/10/sta… x_refsource_MISC
    https://crbug.com/777215 x_refsource_MISC
    https://security.gentoo.org/glsa/201908-08 vendor-advisoryx_refsource_GENTOO
    Impacted products
    Vendor Product Version
    n/a Google Chrome OS prior to 62.0.3202.74 Affected: Google Chrome OS prior to 62.0.3202.74
    Date Public
    2017-10-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:57:26.090Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4243",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4243"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://crbug.com/777215"
              },
              {
                "name": "GLSA-201908-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Google Chrome OS prior to 62.0.3202.74",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Google Chrome OS prior to 62.0.3202.74"
                }
              ]
            }
          ],
          "datePublic": "2017-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Script injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-15T17:06:09.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "DSA-4243",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4243"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://crbug.com/777215"
            },
            {
              "name": "GLSA-201908-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2017-15400",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Google Chrome OS prior to 62.0.3202.74",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Google Chrome OS prior to 62.0.3202.74"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Script injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4243",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4243"
                },
                {
                  "name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html",
                  "refsource": "MISC",
                  "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"
                },
                {
                  "name": "https://crbug.com/777215",
                  "refsource": "MISC",
                  "url": "https://crbug.com/777215"
                },
                {
                  "name": "GLSA-201908-08",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2017-15400",
        "datePublished": "2018-02-07T23:00:00.000Z",
        "dateReserved": "2017-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:57:26.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15397 (GCVE-0-2017-15397)

    Vulnerability from nvd – Published: 2018-02-07 23:00 – Updated: 2024-08-05 19:57
    VLAI
    Summary
    Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.
    Severity
    No CVSS data available.
    CWE
    • Inappropriate implementation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Google Chrome OS prior to 62.0.3202.74 Affected: Google Chrome OS prior to 62.0.3202.74
    Date Public
    2017-10-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:57:25.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wwws.nightwatchcybersecurity.com/2018/01/01/chromeos-doesnt-always-use-ssl-during-startup-cve-2017-15397/"
              },
              {
                "name": "102435",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102435"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://crbug.com/627300"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Google Chrome OS prior to 62.0.3202.74",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Google Chrome OS prior to 62.0.3202.74"
                }
              ]
            }
          ],
          "datePublic": "2017-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Inappropriate implementation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-08T10:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wwws.nightwatchcybersecurity.com/2018/01/01/chromeos-doesnt-always-use-ssl-during-startup-cve-2017-15397/"
            },
            {
              "name": "102435",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102435"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://crbug.com/627300"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2017-15397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Google Chrome OS prior to 62.0.3202.74",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Google Chrome OS prior to 62.0.3202.74"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Inappropriate implementation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wwws.nightwatchcybersecurity.com/2018/01/01/chromeos-doesnt-always-use-ssl-during-startup-cve-2017-15397/",
                  "refsource": "MISC",
                  "url": "https://wwws.nightwatchcybersecurity.com/2018/01/01/chromeos-doesnt-always-use-ssl-during-startup-cve-2017-15397/"
                },
                {
                  "name": "102435",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102435"
                },
                {
                  "name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html",
                  "refsource": "MISC",
                  "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html"
                },
                {
                  "name": "https://crbug.com/627300",
                  "refsource": "MISC",
                  "url": "https://crbug.com/627300"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2017-15397",
        "datePublished": "2018-02-07T23:00:00.000Z",
        "dateReserved": "2017-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:57:25.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6044 (GCVE-0-2025-6044)

    Vulnerability from cvelistv5 – Published: 2025-07-07 18:58 – Updated: 2025-07-09 18:35
    VLAI
    Summary
    An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Files or Directories Accessible to External Parties
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16238.64.0 , < 16238.64.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T14:32:43.961731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T17:35:37.837Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "16238.64.0",
                  "status": "affected",
                  "version": "16238.64.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Files or Directories Accessible to External Parties",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-09T18:35:08.612Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/421184743"
            },
            {
              "url": "https://issues.chromium.org/issues/b/421184743"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-6044",
        "datePublished": "2025-07-07T18:58:45.456Z",
        "dateReserved": "2025-06-12T21:41:59.445Z",
        "dateUpdated": "2025-07-09T18:35:08.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6179 (GCVE-0-2025-6179)

    Vulnerability from cvelistv5 – Published: 2025-06-16 16:56 – Updated: 2025-06-17 14:01
    VLAI
    Title
    ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits
    Summary
    Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Permissions Bypass / Privilege Escalation
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16181.27.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6179",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T13:59:34.942717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T14:01:39.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "status": "affected",
                  "version": "16181.27.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Permissions Bypass in Extension Management in Google ChromeOS         16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Permissions Bypass / Privilege Escalation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T16:56:37.722Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/399652193"
            },
            {
              "url": "https://issues.chromium.org/issues/b/399652193"
            }
          ],
          "title": "ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-6179",
        "datePublished": "2025-06-16T16:56:37.722Z",
        "dateReserved": "2025-06-16T16:50:44.449Z",
        "dateUpdated": "2025-06-17T14:01:39.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6177 (GCVE-0-2025-6177)

    Vulnerability from cvelistv5 – Published: 2025-06-16 16:43 – Updated: 2026-02-26 17:50
    VLAI
    Title
    ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked
    Summary
    Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Privilege Escalation
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16063.45.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6177",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T03:55:14.027491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:35.152Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "status": "affected",
                  "version": "16063.45.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T16:43:44.191Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/382540412"
            },
            {
              "url": "https://issues.chromium.org/issues/b/382540412"
            }
          ],
          "title": "ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-6177",
        "datePublished": "2025-06-16T16:43:44.191Z",
        "dateReserved": "2025-06-16T16:30:47.684Z",
        "dateUpdated": "2026-02-26T17:50:35.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2509 (GCVE-0-2025-2509)

    Vulnerability from cvelistv5 – Published: 2025-05-06 00:59 – Updated: 2026-02-26 18:29
    VLAI
    Summary
    Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Memory Corruption
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16093.57.0 , < 16093.57.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T03:55:47.322940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:29:03.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "16093.57.0",
                  "status": "affected",
                  "version": "16093.57.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-Bounds Read in Virglrenderer in ChromeOS  16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to \nVM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Memory Corruption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:07.601Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/385851796"
            },
            {
              "url": "https://issues.chromium.org/issues/b/385851796"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-2509",
        "datePublished": "2025-05-06T00:59:32.231Z",
        "dateReserved": "2025-03-18T20:10:07.777Z",
        "dateUpdated": "2026-02-26T18:29:03.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1290 (GCVE-0-2025-1290)

    Vulnerability from cvelistv5 – Published: 2025-04-17 00:13 – Updated: 2025-05-08 19:15
    VLAI
    Summary
    A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use-After-Free (UAF)
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 15474.84.0 , < 15474.84.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1290",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T13:25:56.436790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T13:26:51.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "15474.84.0",
                  "status": "affected",
                  "version": "15474.84.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure \nduring an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-After-Free (UAF)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:07.309Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/301886931"
            },
            {
              "url": "https://issues.chromium.org/issues/b/301886931"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-1290",
        "datePublished": "2025-04-17T00:13:35.225Z",
        "dateReserved": "2025-02-13T22:19:47.467Z",
        "dateUpdated": "2025-05-08T19:15:07.309Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1568 (GCVE-0-2025-1568)

    Vulnerability from cvelistv5 – Published: 2025-04-16 23:06 – Updated: 2025-05-20 14:33
    VLAI
    Summary
    Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Code execution
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16063.87.0 , < 16063.87.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1568",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T15:46:13.539057Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-20T14:33:23.211Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "16063.87.0",
                  "status": "affected",
                  "version": "16063.87.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit\u0027s project.config."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:07.092Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/374279912"
            },
            {
              "url": "https://issues.chromium.org/issues/b/374279912"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-1568",
        "datePublished": "2025-04-16T23:06:28.902Z",
        "dateReserved": "2025-02-21T22:33:59.174Z",
        "dateUpdated": "2025-05-20T14:33:23.211Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2073 (GCVE-0-2025-2073)

    Vulnerability from cvelistv5 – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
    VLAI
    Summary
    Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-Bounds Read
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: Kernal version 6.1, 5.15. 5.10, 4.19 chromeOS version 16093.103.0 , < Kernal version 6.1, 5.15. 5.10, 4.19 chromeOS version 16093.103.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2073",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T15:47:09.192243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T19:44:40.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "Kernal version 6.1, 5.15. 5.10, 4.19\nchromeOS version 16093.103.0",
                  "status": "affected",
                  "version": "Kernal version 6.1, 5.15. 5.10, 4.19\nchromeOS version 16093.103.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-Bounds Read",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:06.866Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/380043638"
            },
            {
              "url": "https://issues.chromium.org/issues/b/380043638"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-2073",
        "datePublished": "2025-04-16T23:06:28.608Z",
        "dateReserved": "2025-03-06T20:11:52.646Z",
        "dateUpdated": "2025-05-08T19:15:06.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1704 (GCVE-0-2025-1704)

    Vulnerability from cvelistv5 – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
    VLAI
    Summary
    ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Use-After-Free (UAF)
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 15823.23.0 , < 15823.23.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1704",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T15:48:23.843965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T19:45:03.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "15823.23.0",
                  "status": "affected",
                  "version": "15823.23.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices \nand intercept device management requests via loading components from the unencrypted stateful partition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use-After-Free (UAF)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:06.471Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/359915523"
            },
            {
              "url": "https://issues.chromium.org/issues/b/359915523"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-1704",
        "datePublished": "2025-04-16T23:06:28.279Z",
        "dateReserved": "2025-02-25T23:19:38.958Z",
        "dateUpdated": "2025-05-08T19:15:06.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1566 (GCVE-0-2025-1566)

    Vulnerability from cvelistv5 – Published: 2025-04-16 23:06 – Updated: 2025-05-08 19:15
    VLAI
    Summary
    DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Network Security Isolation (NSI)
    • CWE-1319 - Improper Protection against Electromagnetic Fault Injection (EM-FI)
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 16002.23.0 , < 16002.23.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1566",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T13:32:48.693962Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1319",
                    "description": "CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T19:45:29.043Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "16002.23.0",
                  "status": "affected",
                  "version": "16002.23.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Network Security Isolation (NSI)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:06.169Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/342802975"
            },
            {
              "url": "https://issues.chromium.org/issues/b/342802975"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-1566",
        "datePublished": "2025-04-16T23:06:27.847Z",
        "dateReserved": "2025-02-21T21:30:53.937Z",
        "dateUpdated": "2025-05-08T19:15:06.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1121 (GCVE-0-2025-1121)

    Vulnerability from cvelistv5 – Published: 2025-03-06 23:49 – Updated: 2025-05-08 19:15
    VLAI
    Summary
    Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Code execution and Privilege Escalation
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Google ChromeOS Affected: 15786.48.2 , < 15786.48.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1121",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-07T19:38:04.878602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-07T19:39:15.501Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://issuetracker.google.com/issues/336153054"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ChromeOS",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "15786.48.2",
                  "status": "affected",
                  "version": "15786.48.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code execution and \nPrivilege Escalation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-08T19:15:05.506Z",
            "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
            "shortName": "ChromeOS"
          },
          "references": [
            {
              "url": "https://issuetracker.google.com/issues/336153054"
            },
            {
              "url": "https://issues.chromium.org/issues/b/336153054"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "assignerShortName": "ChromeOS",
        "cveId": "CVE-2025-1121",
        "datePublished": "2025-03-06T23:49:03.219Z",
        "dateReserved": "2025-02-07T18:26:21.569Z",
        "dateUpdated": "2025-05-08T19:15:05.506Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2743 (GCVE-0-2022-2743)

    Vulnerability from cvelistv5 – Published: 2023-01-02 00:00 – Updated: 2024-10-22 15:39
    VLAI
    Summary
    Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Integer overflow
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: unspecified , < 104.0.5112.79 (custom)
    Create a notification for this product.
    google chrome Affected: 0 , < 104.0.5112.79 (custom)
        cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:04.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://crbug.com/1316960"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "chrome",
                "vendor": "google",
                "versions": [
                  {
                    "lessThan": "104.0.5112.79",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2743",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-22T15:37:08.250805Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-22T15:39:29.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "104.0.5112.79",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-20T00:00:00.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html"
            },
            {
              "url": "https://crbug.com/1316960"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2022-2743",
        "datePublished": "2023-01-02T00:00:00.000Z",
        "dateReserved": "2022-08-09T00:00:00.000Z",
        "dateUpdated": "2024-10-22T15:39:29.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-3180 (GCVE-0-2014-3180)

    Vulnerability from cvelistv5 – Published: 2019-11-06 19:22 – Updated: 2024-08-06 10:35 Disputed
    VLAI
    Summary
    In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable
    Severity
    No CVSS data available.
    CWE
    • out-of-bounds read
    Assigner
    References
    Impacted products
    Vendor Product Version
    Linux kernel Affected: before 3.17
    Create a notification for this product.
    Date Public
    2014-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:35:57.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=408827"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lkml.org/lkml/2014/9/7/29"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 3.17"
                }
              ]
            }
          ],
          "datePublic": "2014-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "out-of-bounds read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T19:22:03.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=408827"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lkml.org/lkml/2014/9/7/29"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2014-3180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kernel",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 3.17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Linux"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "out-of-bounds read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=408827",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=408827"
                },
                {
                  "name": "https://lkml.org/lkml/2014/9/7/29",
                  "refsource": "MISC",
                  "url": "https://lkml.org/lkml/2014/9/7/29"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2014-3180",
        "datePublished": "2019-11-06T19:22:03.000Z",
        "dateReserved": "2014-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:35:57.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16508 (GCVE-0-2019-16508)

    Vulnerability from cvelistv5 – Published: 2019-10-01 11:07 – Updated: 2024-08-05 01:17
    VLAI
    Summary
    The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:17:39.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-01T11:07:51.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-16508",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-16508",
        "datePublished": "2019-10-01T11:07:51.000Z",
        "dateReserved": "2019-09-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:17:39.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5179 (GCVE-0-2016-5179)

    Vulnerability from cvelistv5 – Published: 2018-03-06 22:00 – Updated: 2024-08-06 00:53
    VLAI
    Summary
    Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-09-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:53:48.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=649039"
              },
              {
                "name": "93260",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93260"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2016/09/stable-channel-updates-for-chrome-os.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-06T21:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=649039"
            },
            {
              "name": "93260",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93260"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://chromereleases.googleblog.com/2016/09/stable-channel-updates-for-chrome-os.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2016-5179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=649039",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=649039"
                },
                {
                  "name": "93260",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93260"
                },
                {
                  "name": "https://chromereleases.googleblog.com/2016/09/stable-channel-updates-for-chrome-os.html",
                  "refsource": "CONFIRM",
                  "url": "https://chromereleases.googleblog.com/2016/09/stable-channel-updates-for-chrome-os.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2016-5179",
        "datePublished": "2018-03-06T22:00:00.000Z",
        "dateReserved": "2016-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:53:48.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }