Skip to main content

Chrome Os CVE-2025-6044

| EUVDEUVD-2025-20310 MEDIUM
Improper Authentication (CWE-287)
2025-07-07 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
16238.64.0
EUVD ID Assigned
Mar 16, 2026 - 03:37 euvd
EUVD-2025-20310
Analysis Generated
Mar 16, 2026 - 03:37 vuln.today
CVE Published
Jul 07, 2025 - 19:15 nvd
MEDIUM 6.1

DescriptionCVE.org

An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.

Analysis

An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

RemediationAI

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

CVE-2025-6179 CRITICAL POC
9.8 Jun 16

Critical permissions bypass vulnerability in Google Chrome OS 16181.27.0 that allows local attackers to disable extensio

CVE-2025-2073 HIGH POC
8.8 Apr 16

Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with

CVE-2025-1290 HIGH POC
8.1 Apr 17

A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4

CVE-2025-2509 HIGH POC
7.8 May 06

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address acce

CVE-2019-16508 HIGH POC
7.8 Oct 01

The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0

CVE-2012-2864 CRITICAL
10.0 Aug 22

Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook pl

CVE-2014-3188 CRITICAL
10.0 Oct 08

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and

CVE-2014-1708 CRITICAL
10.0 Mar 16

The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allo

CVE-2025-1704 MEDIUM POC
6.5 Apr 16

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users

CVE-2013-2833 CRITICAL
10.0 Apr 16

Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause

CVE-2012-0695 CRITICAL
10.0 Jan 12

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48

CVE-2013-0915 CRITICAL
10.0 Mar 18

The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have

Share

CVE-2025-6044 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy