https://www.neowin.net/news/meet-sh1mmer-the-big-bad-chromebook-exploit-no-one-is-talking-about/
SH1MMER (Shady Hacking 1nstrument Makes Machine Enrollment Retreat) is a potentially dangerous exploit capable of completely unenrolling enterprise-managed Chromebooks from their respective organizations, but it is also useful for Chromebook owners who want to use the operating system while still maintaining their privacy. It was discovered by the Mercury Workshop team and released on Friday, January 13th, 2023 (Friday the 13th), but it has mostly flown under the radar. We’re unsure whether the release date is a publicity stunt or merely a coincidence.
The exploit takes advantage of the ChromeOS shim kernel, specifically modified RMA factory shims, to gain code execution at recovery. RMA shims are factory tools that allow certain authorization functions to be signed, but only the KERNEL partitions are checked for signatures by the firmware. As a result, the other partitions can be edited as long as the forced read-only bit is removed. In simple terms, the exploit grants root access to all the filesystems on the ChromeOS device…
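
To make the signature-coverage gap described above concrete, the following added example (not code from the article or from Mercury Workshop) parses the GPT of a disk image and reports which partitions carry the ChromeOS kernel type GUID, and therefore fall under the firmware check, and which do not. It assumes kernel partitions are identified by that GPT type GUID; the function names `signature_coverage` and `build_sample_image` are hypothetical, and the image is a constructed minimal layout, not a real shim.

```python
import struct
import uuid

SECTOR = 512
# GPT type GUIDs; per the page, firmware only signature-checks the kernel type.
CHROMEOS_KERNEL = uuid.UUID("fe3a2a5d-4f32-41a7-b725-accc3285a309")
CHROMEOS_ROOTFS = uuid.UUID("3cb8e202-3b7e-47dd-8a3c-7ff2a13cfcec")
LINUX_DATA = uuid.UUID("0fc63daf-8483-4772-8e79-3d69d8477de4")


def signature_coverage(image: bytes):
    """Return [(name, first_lba, last_lba, covered)] for each used GPT entry."""
    header = image[SECTOR:SECTOR * 2]
    if header[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    # Header offset 72: entry array LBA, number of entries, size of each entry.
    entries_lba, count, entry_size = struct.unpack_from("<QII", header, 72)
    report = []
    for i in range(count):
        off = entries_lba * SECTOR + i * entry_size
        entry = image[off:off + entry_size]
        if len(entry) < 128:
            raise ValueError("truncated partition entry array")
        type_guid = uuid.UUID(bytes_le=entry[:16])
        if type_guid.int == 0:  # unused slot
            continue
        first, last = struct.unpack_from("<QQ", entry, 32)
        name = entry[56:128].decode("utf-16-le").rstrip("\x00")
        report.append((name, first, last, type_guid == CHROMEOS_KERNEL))
    return report


def build_sample_image():
    """Constructed, minimal GPT layout for the example (not a real shim image)."""
    parts = [("KERN-A", CHROMEOS_KERNEL, 64, 127), ("ROOT-A", CHROMEOS_ROOTFS, 128, 255),
             ("STATE", LINUX_DATA, 256, 319)]
    header = bytearray(SECTOR)
    header[:8] = b"EFI PART"
    struct.pack_into("<QII", header, 72, 2, 4, 128)  # entries at LBA 2, 4 slots
    table = bytearray(4 * 128)
    for i, (name, guid, first, last) in enumerate(parts):
        struct.pack_into("<16s16sQQQ72s", table, i * 128, guid.bytes_le,
                         uuid.uuid4().bytes_le, first, last, 0,
                         name.encode("utf-16-le"))
    return bytes(SECTOR) + bytes(header) + bytes(table)


if __name__ == "__main__":
    for name, first, last, covered in signature_coverage(build_sample_image()):
        print(f"{name:8} LBA {first}-{last}:", "verified" if covered else "NOT verified")
```

Every partition reported as not verified is one whose contents must be protected by some other control, since the firmware check described in the article does not extend to it.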