CVE-2021-30605
HIGHChromeOS Readiness Tool <1.0.2.0 - Privilege Escalation
Title source: llmDescription
Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.
References (2)
Core 2
Core References
Permissions Required x_refsource_misc
https://crbug.com/1240952
Third Party Advisory x_refsource_misc
https://bit.ly/37CS6G9
Scores
CVSS v3
7.8
EPSS
0.0012
EPSS Percentile
1.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
google/chrome_os_readiness_tool
< 1.0.2.0
Published
Sep 08, 2021
Tracked Since
Feb 18, 2026