Multiple Google ChromeOS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-1704 CVSS:7.8

Google ChromeOS could allow a local authenticated attacker to unenroll devices and intercept device management requests, caused by a flaw in the ComponentInstaller.

CVE-2025-1568 CVSS:8.8

Google ChromeOS could allow a remote attacker to execute arbitrary code or cause a denial of service condition, caused by improper access control when editing trusted pipelines.

CVE-2025-1566 CVSS:7.5

Google ChromeOS could allow a remote attacker to obtain plaintext DNS queries information, caused by failure to properly tunnel DNS traffic during VPN state transitions.

Impact

Security Bypass
Code Execution
Information Disclosure

Indicators of Compromise

CVE

CVE-2025-1704
CVE-2025-1568
CVE-2025-1566

Affected Vendors

Google

Affected Products

Google ChromeOS - 124.0.6367.34
Google ChromeOS - 131.0.6778.268
Google ChromeOS - 129.0.6668.36

Remediation

Upgrade to the latest version of ChromeOS, available from the ChromeOS Website.

CVE-2025-1704

CVE-2025-1568

CVE-2025-1566

Multiple Apple Products Vulnerabilities

Hackers Exploit WinRM for Stealthy Active Directory Navigation

Multiple Google ChromeOS Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan