Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1704

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

Published

2025-04-16T23:15:44.937

Last Modified

2025-07-11T14:15:07.663

Status

Analyzed

Source

7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	chrome_os	15823.23.0	Yes

References

https://issues.chromium.org/issues/b/359915523 Broken Link (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)
https://issuetracker.google.com/issues/359915523 Issue Tracking, Mailing List, Exploit (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)