CVE-2025-1704

Summary

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

Affected Software

VendorProductVersion RangeStatus
GoogleChromeOS15823.23.0 < 15823.23.0affected

Weaknesses

  • Use-After-Free (UAF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References