Critical ChromeOS Vulnerability: Full System Compromise via Chrome Extensions

2025-05-28

A security researcher discovered a critical vulnerability in ChromeOS's file manager that allows malicious Chrome extensions to gain complete system control. By exploiting a filesystem:chrome://file-manager URL, a malicious extension can read and write user files and execute arbitrary code. The flaw leverages outdated JavaScript APIs in ChromeOS and misconfigurations of chrome:// page permissions. The attacker can achieve full system compromise: accessing user data, modifying system settings, and even executing malicious code via Crostini. Although it has been patched, the vulnerability highlights the risk of long-standing design choices in large, complex systems like Chrome/ChromeOS.