New SH1MMER ChromeOS Exploit Jailbreaks Chromebooks

Researchers have devised a ChromeOS exploit that unenrolls enterprise-managed Chromebooks. Google says it is working on a fix, but the "SH1MMER" exploit remains publicly available and still works.

About SH1MMER Exploit For Chromebooks

The Mercury Workshop research team has developed a novel ChromeOS exploit to jailbreak Chromebooks. Dubbed "SH1MMER," the exploit is a modified RMA shim that lets a user unenroll a managed Chromebook from its enterprise or education domain.

An RMA shim (Return Merchandise Authorization shim) is a bootable image that bundles the ChromeOS factory components (the factory install shim, HWID bundle, release image (FSI), factory toolkit, test image, and firmware) into a single disk image. Google signs these shims so that a Chromebook in recovery mode will boot them, which is what lets authorized vendors perform repair services on Chromebooks.

In the case of SH1MMER, the modified shim is booted on a managed Chromebook from recovery mode and used to unenroll the device. This requires writing the shim image to a USB stick and then starting the target Chromebook in recovery mode from that stick.

The researchers have shared the details of the exploit on a dedicated website. Briefly, the user downloads a raw RMA shim binary for the target device's board, runs it through the sh1mmer web builder to produce the modified sh1mmer binary, and writes the result to a USB drive with the Chromebook Recovery Utility extension.

Booting the Chromebook from that USB drive in recovery mode brings up the SH1MMER menu.

From there, the user can unenroll the device and use it with full control, free of the management policies, monitoring, and content blockers that enrollment enforced.

Google Working On A Fix

After the exploit went public, it attracted Google's attention, and the company confirmed that it is working on a fix. According to Google's statement, however, remediating the issue will take some time. The statement reads:

Google is aware of an issue affecting a number of ChromeOS devices, which requires Google to collaborate with ecosystem partners on a fix. User data on impacted devices is not exposed. As a security best practice, we recommend Enterprise and Education administrators monitor for unenrolled and inactive ChromeOS devices.

Google has also shared mitigations that administrators can apply to stop Chromebook users from unenrolling devices with SH1MMER.
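Google's recommendation to watch for unenrolled and inactive devices is the one control an admin can act on today, so here is an added example of that check (not code from the article, from Google, or from the SH1MMER project). It assumes the device records look like those returned by the Admin SDK Directory API chromeosdevices.list call (fields deviceId, serialNumber, status, lastSync, annotatedUser, orgUnitPath, with status values such as ACTIVE and DEPROVISIONED); the sample records below are constructed for the example, and the 30-day inactivity threshold is an assumed policy value.

```python
"""Flag ChromeOS devices that have been unenrolled or have gone quiet.

Added example: the records are constructed to mirror the fields returned by
the Admin SDK Directory API chromeosdevices.list call. In practice, page
through that API with a service account and feed the real records in.
"""
from datetime import datetime, timedelta, timezone

# Status values that mean the device is no longer under management.
UNENROLLED_STATES = {"DEPROVISIONED"}

# Constructed sample (not real devices): one healthy device, one that has
# been deprovisioned, one that stopped checking in, one that never synced.
SAMPLE_DEVICES = [
    {"deviceId": "d-001", "serialNumber": "5CD1234ABC", "status": "ACTIVE",
     "lastSync": "2023-02-01T09:12:00.000Z", "annotatedUser": "alice@example.edu",
     "orgUnitPath": "/Students"},
    {"deviceId": "d-002", "serialNumber": "5CD5678DEF", "status": "DEPROVISIONED",
     "lastSync": "2023-01-20T14:03:00.000Z", "annotatedUser": "bob@example.edu",
     "orgUnitPath": "/Students"},
    {"deviceId": "d-003", "serialNumber": "5CD9999XYZ", "status": "ACTIVE",
     "lastSync": "2022-12-01T00:00:00.000Z", "annotatedUser": "carol@example.edu",
     "orgUnitPath": "/Students"},
    {"deviceId": "d-004", "serialNumber": "5CD0000NEW", "status": "ACTIVE",
     "lastSync": None, "annotatedUser": "", "orgUnitPath": "/Loaners"},
]

# Fixed "now" so the sample report is reproducible; use datetime.now(timezone.utc) for real runs.
SAMPLE_NOW = datetime(2023, 2, 10, tzinfo=timezone.utc)


def parse_last_sync(value):
    """Parse the API's RFC 3339 lastSync timestamp; None if absent or malformed."""
    if not value:
        return None
    try:
        # fromisoformat does not accept a trailing 'Z', so spell the offset out.
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None


def classify_device(device, now, inactive_days):
    """Return a short reason if the device deserves a look, else None.

    Unenrollment is checked first: a SH1MMER'd device may show up as
    deprovisioned, or it may simply stop syncing while still listed as ACTIVE,
    so both signals are needed. Admin-initiated deprovisioning also lands
    here; reconcile findings against the admin audit log before acting.
    """
    status = device.get("status", "UNKNOWN")
    if status in UNENROLLED_STATES:
        return "unenrolled"
    last = parse_last_sync(device.get("lastSync"))
    if last is None:
        return "never synced"
    age = now - last
    if age > timedelta(days=inactive_days):
        return f"inactive for {age.days} days"
    return None


def find_suspect_devices(devices, now=None, inactive_days=30):
    """Return findings (input order preserved) for devices that need review."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for device in devices:
        reason = classify_device(device, now, inactive_days)
        if reason:
            findings.append({
                "serialNumber": device.get("serialNumber"),
                "orgUnitPath": device.get("orgUnitPath"),
                "annotatedUser": device.get("annotatedUser"),
                "status": device.get("status"),
                "reason": reason,
            })
    return findings


def format_report(findings):
    """Render findings as one line per device for a ticket or alert."""
    lines = [f"{len(findings)} ChromeOS device(s) need review"]
    for f in findings:
        lines.append(f"  {f['serialNumber']:12} {f['orgUnitPath']:12} "
                     f"{f['status']:14} {f['reason']} ({f['annotatedUser'] or 'no user'})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(find_suspect_devices(SAMPLE_DEVICES, SAMPLE_NOW)))
```

Run it on a daily schedule and alert on any device that is newly deprovisioned or whose last sync crosses the threshold; a device that was unenrolled by a student will typically stop reporting rather than announce itself, so the inactivity check is the one that catches most SH1MMER cases.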
