—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Google ChromeOS 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Google ChromeOS version prior to 138.0.7204.300 (Platform Version: 16295.85.0)

Overview

Multiple vulnerabilities have been reported in Google ChromeOS, which could allow a remote attacker to execute arbitrary code on the targeted system.

Target Audience:

All end-user organizations and individuals using ChromeOS.

Risk Assessment:

High risk of remote code execution..

Impact Assessment:

Potential for memory corruption.

Description

ChromeOS is a lightweight operating system designed by Google, primarily for use on Chromebooks. It is optimized for fast web browsing, cloud computing, and seamless integration with Google services, provide a simple and secure environment for everyday computing task.

Multiple vulnerabilities exist in Google ChromeOS due to Out of bounds read in WebXR, Bad cast in Loader, use-after-free vulnerability with an attack surface on the epoll system call interface and Inappropriate implementation in DevTools. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor

https://chromereleases.googleblog.com/2026/01/long-term-support-channel-update-for.html

Vendor Information

Google Chrome

https://chromereleases.googleblog.com/2026/01/long-term-support-channel-update-for.html

References

Google Chrome

https://chromereleases.googleblog.com/2026/01/long-term-support-channel-update-for.html

CVE Name

CVE-2025-12443

CVE-2025-13720

CVE-2025-38349

CVE-2025-13632

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlg+N4ACgkQ3jCgcSdc

ys9y+g//ap5upa20oNkG38bR4OKGG210SAtldiwrVijcVv8Ifqft0aPjw7vO4j5i

nHFUTCdomtdDrXqRMgiqdOe25UUWKc249J0c3JJs1BCG6xj67B5B0/8GcvKZiBuM

3h+oBuWF2vrhfc3S6NgbXr1/RqNV9Bv/WSeYDejIH2P03T1r+DVCYiCoDVjYTRkJ

rye92nPI0cCS3VEBx64yvG/cbTYsmbYNHK+hKXO86fJt8+nl0ICVJn2/wAiFFiMc

ahW3kloo12GDg+jQ3xLGMLplJi8N2biEL4AHEu+S+BOtjaLA7XIeYiroeWrPyNBg

/+KZWvfvgAfewaPs5vODBd6/VcLEUAtBpJ3kgYwWpIvYv54rbEOMgxJy5NkrqxMQ

O0kX9zCcsXCDF8kFEMP/pzQYj678Z6XR6DDDgHMfWAiAeICJxqxSC3lbjiPvflke

RUOPokBE+6kSWGe8+mus3rZSOpgXOoz3I8b5uinjzRz2ExijQagPV3QleCi5o5Ul

NRtaVoSlYrjtM4CuZi2F/nPDmwFG5vomKyvnoEcVeCLe2mRIAPkv7V5LcmArGUIg

TrvP8v2sCn8cWzVVkzp+x9W7EPJr69mWCQKxhw/0Qed9mXWQIlBzxmwqzazOQi+y

vtY0kZJeRWvP0Hj7OI3Fs91FBLU1jdY4o2i93B+L6YWmT3VvMDg=

=Ku5d

—–END PGP SIGNATURE—–