📦 ChromeOS

by Google



⚠️ Known Vulnerabilities

CVE-2025-6179

CRITICAL CVSS 9.8 Jun 16, 2025

This vulnerability allows a local attacker on managed ChromeOS devices to bypass extension management controls, disable existing extensions, and access Developer Mode to load unauthorized extensions. ...

CVE-2025-6177

HIGH CVSS 7.4 Jun 16, 2025

This vulnerability allows a local attacker with physical access to gain root code execution on enrolled ChromeOS devices by exploiting a debug shell accessible during developer mode entry. It affects ...

CVE-2025-2509

HIGH CVSS 7.8 May 6, 2025

This vulnerability allows a malicious guest virtual machine to perform out-of-bounds memory reads within the crosvm sandboxed process on ChromeOS. Attackers could potentially access arbitrary memory a...

CVE-2025-1290

HIGH CVSS 8.1 Apr 17, 2025

A race condition use-after-free vulnerability in ChromeOS Kernel 5.4's virtio_transport_space_update function allows concurrent allocation and freeing of virtio_vsock_sock structures during AF_VSOCK c...

CVE-2025-2073

HIGH CVSS 8.8 Apr 16, 2025

This vulnerability allows a local attacker with low privileges to trigger an out-of-bounds read in the netfilter/ipset subsystem of the Linux kernel. This could lead to information disclosure by readi...

CVE-2025-1566

HIGH CVSS 7.5 Apr 16, 2025

A DNS leak vulnerability in ChromeOS's native VPN implementation allows network observers to intercept plaintext DNS queries during VPN state transitions. This affects ChromeOS Dev Channel users runni...

CVE-2025-1704

MEDIUM CVSS 6.5 Apr 16, 2025

This vulnerability in ChromeOS ComponentInstaller allows enrolled users with physical access to unenroll devices from enterprise management and intercept management requests. It affects ChromeOS devic...

CVE-2025-1121

MEDIUM CVSS 6.8 Mar 7, 2025

This vulnerability allows an attacker with physical access to a ChromeOS device to escalate privileges to root and potentially unenroll enterprise-managed devices by using a specially crafted recovery...