The Sh1mmer Exploit is a Chromebook unenrollment tool that allows users to unenroll Chromebooks from Google Enterprise Workspace. Google has not released an ETA on a patch for this, but it has published mitigation practices to help prevent the exploit from working:
- Turn off enrollment permissions for most users. Users will then have to identify themselves in order to properly re-enroll a device that was unenrolled.
  - Open your Admin Console at: https://admin.google.com/
  - On the left panel, expand “Devices” > “Chrome” > “Settings”, then click on “Users & Browsers”.
  - Select the organizational unit(s) from which you wish to remove enrollment permissions.
  - Under “Enrollment Controls”, change the “Enrollment permissions” setting to “Do not allow users in this organization to enroll new or re-enroll existing devices”.
- On managed Chromebooks, block access to chrome://net-export so that users cannot capture wireless credentials. This can be achieved with the URL blocklist policy.
- Additionally, block access to the following websites, which have been used to spread exploit tools and information, using URLBlocklist as well as content filtering products:
  - sh1mmer.me
  - alicesworld.tech
  - luphoria.com
  - bypassi.com
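One way to verify that a managed Chrome policy file actually carries the URLBlocklist entries listed above, written here as an added example (it is not code from the advisory or from Google); the sample policy file is constructed, and the pattern normalization is a deliberately simplified assumption, not Chrome's real URL-pattern matcher.

```python
import json

# Entries the advisory above says to block: the net-log export page plus the
# four distribution sites it lists.
REQUIRED_BLOCKLIST = ["chrome://net-export", "sh1mmer.me",
                      "alicesworld.tech", "luphoria.com", "bypassi.com"]

# Constructed sample of a Chrome managed-policy JSON file (not from the page):
# two required entries are missing and the others use varied spellings.
SAMPLE_POLICY_JSON = """
{"URLBlocklist": ["chrome://net-export/", "https://sh1mmer.me", "Luphoria.com/"]}
"""

def _normalize(entry: str) -> str:
    """Reduce a URLBlocklist pattern to a comparable form.

    Deliberately simplified (an assumption of this example, not Chrome's full
    matcher): drop an http/https scheme, a leading '.', any port and path,
    and compare case-insensitively; chrome:// entries keep their scheme.
    """
    e = entry.strip().lower()
    if e.startswith("chrome://"):
        return e.rstrip("/")
    for prefix in ("https://", "http://"):
        if e.startswith(prefix):
            e = e[len(prefix):]
            break
    e = e.lstrip(".")
    return e.split("/", 1)[0].split(":", 1)[0]

def missing_blocklist_entries(policy: dict) -> list:
    """Return the required entries that the policy's URLBlocklist lacks."""
    present = {_normalize(p) for p in policy.get("URLBlocklist", [])}
    if "*" in present:  # a bare "*" pattern blocks every URL
        return []
    return [r for r in REQUIRED_BLOCKLIST if _normalize(r) not in present]

def check_sample() -> list:
    """Run the check against the constructed sample policy."""
    return missing_blocklist_entries(json.loads(SAMPLE_POLICY_JSON))

if __name__ == "__main__":
    print("Missing URLBlocklist entries:", check_sample())  # → ['alicesworld.tech', 'bypassi.com']
```

Point `json.loads` at your real exported policy (for example the JSON shown on chrome://policy or the managed-policy file on the device) to audit a fleet instead of the constructed sample.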