ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices 
and intercept device management requests via loading components from the unencrypted stateful partition.
                
            References
                    | Link | Resource | 
|---|---|
| https://issues.chromium.org/issues/b/359915523 | Broken Link | 
| https://issuetracker.google.com/issues/359915523 | Issue Tracking Mailing List Exploit | 
Configurations
                    History
                    11 Jul 2025, 14:15
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time | Google chrome Os | |
| References | () https://issues.chromium.org/issues/b/359915523 - Broken Link | |
| References | () https://issuetracker.google.com/issues/359915523 - Issue Tracking, Mailing List, Exploit | |
| CPE | cpe:2.3:o:google:chrome_os:15823.23.0:*:*:*:*:*:*:* | |
| Summary | 
 | |
| Summary | (en) ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition. | 
17 Apr 2025, 16:15
| Type | Values Removed | Values Added | 
|---|---|---|
| CVSS | v2 : v3 : | v2 : unknown v3 : 6.5 | 
17 Apr 2025, 14:15
| Type | Values Removed | Values Added | 
|---|---|---|
| CVSS | v2 : v3 : | v2 : unknown v3 : 9.8 | 
| CWE | CWE-416 | 
16 Apr 2025, 23:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2025-04-16 23:15
Updated : 2025-07-11 14:15
NVD link : CVE-2025-1704
Mitre link : CVE-2025-1704
CVE.ORG link : CVE-2025-1704
JSON object : View
Products Affected
                - chrome_os
CWE
                
                    
                        
                        CWE-416
                        
            Use After Free
