CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
Analysis
This is a local privilege escalation vulnerability in Google ChromeOS MiniOS that allows unauthenticated attackers to achieve root code execution through a debug shell (VT3 console) that is accessible via specific key combinations during developer mode entry, circumventing device policy restrictions and Firmware Write Protect mechanisms. It affects ChromeOS version 16063.45.2 and potentially other versions on enrolled devices, and carries a CVSS score of 7.4, indicating high severity. The attack requires local access and specific technical knowledge of key sequences, but no user interaction is needed once device access is obtained.
Technical Context
The vulnerability resides in Google ChromeOS MiniOS, a minimal operating system environment used during the boot sequence and recovery operations on ChromeOS devices. The root cause is classified under CWE-269 (Improper Access Control / Uncontrolled Resource Consumption), indicating inadequate privilege validation and access restrictions on the VT3 debug console. The VT3 console is a debugging interface that should be restricted but remains accessible through specific key combinations even when developer mode is disabled by device policy or Firmware Write Protect (FWMP). Affected CPE would be: cpe:2.3:o:google:chrome_os:16063.45.2:*:*:*:*:*:*:* and potentially cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* for broader version ranges. The vulnerability exploits improper access control to a privileged debug interface, allowing escalation from local unprivileged context to root.
Affected Products
Affected Products and Versions:
(1) Google ChromeOS version 16063.45.2 (confirmed vulnerable);
(2) Potentially other ChromeOS 16063.x versions and earlier releases (unspecified);
(3) Specifically affects enrolled devices (managed by enterprise MDM/device management policies);
(4) Devices with Firmware Write Protect (FWMP) enabled are still vulnerable, indicating protection bypass.
The vulnerability impacts ChromeOS devices regardless of the 'developer mode disabled' policy setting. No specific vendor advisory links were provided in the source data. Affected devices typically include Chromebooks and ChromeOS boxes managed by enterprise administrators.
Remediation
Patch and Mitigation Strategies:
(1) Primary Remediation: Update to ChromeOS version beyond 16063.45.2 (specific patched version not provided in source data; check Google ChromeOS release notes and security advisories for the patched version);
(2) Interim Mitigations for unpatched systems: Enforce strict physical security controls to prevent unauthorized local access to devices;
(3) Ensure Firmware Write Protect (FWMP) and developer mode restrictions remain enabled (note: these do not block the vulnerability but are part of defense-in-depth);
(4) Monitor ChromeOS devices for unauthorized MiniOS or boot sequence access attempts;
(5) Review device enrollment and MDM policies to restrict local access to enrolled devices;
(6) Deploy Google ChromeOS security updates through your MDM solution as they become available.
Administrators should check Google's official ChromeOS security page and their device management console for patch availability and deployment status.
EUVD-2025-18418