CVE-2025-1122

MEDIUM

Google Chrome - Out-of-Bounds Write

Title source: rule

Description

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

Exploits (1)

nomisec WORKING POC 2 stars

by FWNavy · poc

https://github.com/FWNavy/RMASmoke

View Code ZIP pw:eip

References (2)

[Broken Link] https://issues.chromium.org/issues/b/324336238

[Exploit, Issue Tracking] https://issuetracker.google.com/issues/324336238

Scores

CVSS v3 6.7

EPSS 0.0001

EPSS Percentile 2.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (1)

google/chrome 122.0.6261.132

Published Apr 15, 2025

Tracked Since Feb 18, 2026