CVE-2025-1292
MEDIUM
Google ChromeOS 122.0.6261.132 - Out-of-bounds Write in TPM2 Reference Library via NV_Read
Title source: llm
Description
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
References (2)
Core References
Broken Link
https://issues.chromium.org/issues/b/324336238
Exploit, Issue Tracking
https://issuetracker.google.com/issues/324336238
Scores
CVSS v3: 6.7
EPSS: 0.0001
EPSS Percentile: 0.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-787
Status: published
Products (1): google/chrome 122.0.6261.132
Published: Apr 15, 2025
Tracked Since: Feb 18, 2026