CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
92.5%
The Stable channel 53.0.2785.144 (Platform version: 8530.93.0) has been released for all Chrome OS devices. This build contains a number of bug fixes, security updates and a kernel key version update in the TPM. Systems will be receiving updates over the next several days.
Security Fixes:
This update includes these security fixes. Special note and congratulations to an anonymous security researcher for an excellent Pwnium entry: a chain of exploits that gains code execution in guest mode across reboots, delivered via web page. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future.
[$100,000][648971] Persistent code execution on Chrome OS. Credit to anonymous.
If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using 'Report an issueโฆ' in the Chrome menu (3 vertical dots in the upper right corner of the browser).
Ketaki Deshpande
Google Chrome
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
92.5%