CVE-2025-6044 | THREATINT

Description

An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.

PUBLISHED Reserved 2025-06-12 | Published 2025-07-07 | Updated 2025-07-09 | Assigner ChromeOS

Problem types

Files or Directories Accessible to External Parties

Product status

16238.64.0 (custom) before 16238.64.0

affected

References

issuetracker.google.com/issues/421184743

issues.chromium.org/issues/b/421184743

cve.org (CVE-2025-6044)

nvd.nist.gov (CVE-2025-6044)

Download JSON