Out-Of-Bounds Write Vulnerability in ChromeOS by Google
CVE-2025-1292
6.7MEDIUM
What is CVE-2025-1292?
An Out-Of-Bounds Write vulnerability exists in the TPM2 Reference Library within Google ChromeOS 122.0.6261.132 for Cr50 Boards. This weakness permits an attacker with root access to exploit the NV_Read functionality during the Challenge-Response process. By manipulating this flaw, attackers can gain persistent access and circumvent essential operating system verification processes, thereby undermining the integrity and security of the device.
Affected Version(s)
ChromeOS 122.0.6261.132