Google ChromeOS Improper Access Control Vulnerability in Stylus Tools Component on Lenovo Devices

Vulnerability

A vulnerability allowing improper access control has been identified in the Stylus Tools component of Google ChromeOS, specifically in version 16238.64.0 on Lenovo devices. This vulnerability enables a physical attacker to bypass the lock screen and access user files. The exploitation involves removing the stylus while the device is closed and using the screen capture feature.

Impact

Exploitation of this vulnerability allows for bypassing the lock screen, enabling unauthorized access to user files.

Added: Jul 7, 2025, 7:20 PM

Updated: Jul 7, 2025, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google ChromeOS Improper Access Control Vulnerability in Stylus Tools Component on Lenovo Devices

Vulnerability

Impact

Affected Products

Google ChromeOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating