CVE-2025-1704
MEDIUM
Google ChromeOS 15823.23.0 - Use-After-Free in ComponentInstaller
Title source: llm
Description
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
References (2)
Core References
Broken Link
https://issues.chromium.org/issues/b/359915523
Exploit, Issue Tracking, Mailing List
https://issuetracker.google.com/issues/359915523
Scores
CVSS v3: 6.5
EPSS: 0.0037
EPSS Percentile: 59.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-416
Status: published
Products (1)
google/chrome_os
15823.23.0
Published: Apr 16, 2025
Tracked Since: Feb 18, 2026