Chromeos

This hub aggregates every CVE we track for Chromeos, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 12 most recently published vulnerabilities affecting Chromeos.

• CVE-2025-6044An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and a...6.1Jul 7, 2025
• CVE-2025-6179ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits9.8Jun 16, 2025
• CVE-2025-6177ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked7.4Jun 16, 2025
• CVE-2025-2509Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape vi...7.8May 6, 2025
• CVE-2025-1290A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock stru...8.1Apr 17, 2025
• CVE-2025-2073Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to info...8.8Apr 16, 2025
• CVE-2025-1704ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management reque...6.5Apr 16, 2025
• CVE-2025-1568Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS proj...8.8Apr 16, 2025
• CVE-2025-1566DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN st...7.5Apr 16, 2025
• CVE-2025-1122Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification ...6.7Apr 15, 2025
• CVE-2025-1292TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS6.7Apr 15, 2025
• CVE-2025-1121Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially un...6.8Mar 6, 2025