ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked

June 16, 2025 invoker category_cve

CVE Details

Basic Information

Title ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked
Type cve
Published 2025-06-16T16:43:44.191Z
Last Seen

Product Information

Vendor Google
Product ChromeOS
Version 16063.45.2

CVSS Information

Base Score 0.0 ()
Attack Vector
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A privilege escalation vulnerability in ChromeOS’s MiniOS allows local attackers to gain root code execution by exploiting a debug shell, even when developer mode is blocked.
AI Severity Critical
Vendor Google
Product ChromeOS
Affected Version 16063.45.2

Affected Products

  • Google ChromeOS 16063.45.2

Additional Information

CVE List
CWE List
Bulletin Family

Description

Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.