Google ChromeOS Privilege Escalation Vulnerability Allowing Root Code Execution on Managed Devices

A privilege escalation vulnerability has been identified in Google ChromeOS version 15786.48.2. This issue arises in the handling of installers and recovery images, allowing an attacker with physical access to a device to execute root code. The vulnerability could also be used to unenroll enterprise-managed devices by manipulating the recovery image.

Impact

Exploitation of this vulnerability leads to unauthorized root access on the device, allowing for potential modifications to the system and the ability to unenroll the device from enterprise management.

Reproduction

The vulnerability can be reproduced by modifying a recovery image to include a payload that executes a script as root. This modified image is then applied to a Chromebook via a USB drive. The recovery process inadvertently executes the payload, resulting in root access.

Remediation

Users can update to the latest version of ChromeOS, where this vulnerability has been fixed.