CVE-2025-1704 | THREATINT

Description

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

PUBLISHED Reserved 2025-02-25 | Published 2025-04-16 | Updated 2025-05-08 | Assigner ChromeOS

Problem types

Use-After-Free (UAF)

Product status

15823.23.0 (custom) before 15823.23.0

affected

References

issuetracker.google.com/issues/359915523

issues.chromium.org/issues/b/359915523

cve.org (CVE-2025-1704)

nvd.nist.gov (CVE-2025-1704)

Download JSON