CVE-2025-1704: ComponentInstaller Vulnerability Allowing Chromebook Unenrollment and Potential Device Management Key Interception in ChromeOS
First published: Wed Apr 16 2025(Updated: )
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 124.0.6367.34 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
Credit: 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome OS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1704?
CVE-2025-1704 is rated as high severity due to its potential to allow unauthorized device unenrollment and interference with management requests.
How do I fix CVE-2025-1704?
To mitigate CVE-2025-1704, ensure your Google ChromeOS is updated to the latest version where the vulnerability has been addressed.
What are the potential impacts of CVE-2025-1704?
CVE-2025-1704 can allow enrolled users with local access to unenroll devices and intercept device management communications.
Who is affected by CVE-2025-1704?
CVE-2025-1704 affects users of Google ChromeOS, particularly those with local access to enrolled devices.
When was CVE-2025-1704 reported?
CVE-2025-1704 was reported in March 2025 as a security issue within Google ChromeOS.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/event
- vendor/google
- canonical/google chrome os