๐Ÿ” CVE Alert

CVE-2025-2509

CVSS Score 7.8 (HIGH)
EPSS Score 0.0%
EPSS Percentile 0th

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.

Vendor google
Product chromeos
Ecosystems
Industries Technology
Published May 6, 2025
Last Updated Feb 26, 2026

Affected Versions

Google / ChromeOS
16093.57.0 < 16093.57.0

References

issuetracker.google.com: https://issuetracker.google.com/issues/385851796
issues.chromium.org: https://issues.chromium.org/issues/b/385851796