• Google Project Zero: high severity USB vulnerability in Chrome OS

    Home » Forums » AskWoody support » Non-Windows operating systems (Chromebooks/Android) » Chromebooks and ChromeOS » Google Project Zero: high severity USB vulnerability in Chrome OS

    Author
    Topic
    Alex5723
    AskWoody Plus
    May 27, 2022 at 11:51 am #2449343

    https://bugs.chromium.org/p/project-zero/issues/detail?id=2264&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids

    ChromeOS’ usage of usbguard is bypassable

    VULNERABILITY DETAILS
    ChromeOS uses https://usbguard.github.io/ when the screen is locked (but not on the login screen, perhaps because it is expected that code execution is much less helpful when the disk is still encrypted?)…

    2022-02-24 issue triaged by Chromium (as Severity-Low)

    Note that this issue is that a mitigation doesn’t work; this is not exploitable on its own, but it exposes extra attack surface to USB devices that are inserted while the screen is locked.

    [Moderator edit] edited for readability

    Reply | Quote
    Viewing 1 reply thread
    Author
    Replies
    • Paul T
      AskWoody MVP
      May 28, 2022 at 12:43 am #2449428

      Contrary to the title of this thread, the severity is rated low by Chromium. It requires physical access, special hardware and does not (yet) have an exploit.

      cheers, Paul

      Reply | Quote
    • Alex5723
      AskWoody Plus
      May 28, 2022 at 4:21 am #2449445
      Paul T wrote:

      does not (yet) have an exploit.

      Now after the publication there will be.

      Reply | Quote
      • Paul T
        AskWoody MVP
        May 28, 2022 at 8:06 am #2449480

        Still need physical access and special hardware. Severity still = low.

        cheers, Paul

        1 user thanked author for this post.
        Alex5723
        Reply | Quote
    Viewing 1 reply thread
    Reply To: Google Project Zero: high severity USB vulnerability in Chrome OS

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.