Welcome to Google Chrome Plugins

Source of Plugins, Themes, Add-ons and information for the Google Chrome Web Browser!

Top Tip: Click here to Fix Windows Errors & Optimize Windows Performance

Researchers Highlight Flaws In Chrome OS Security at Black Hat Conference

by arupchou on August 4, 2011

While Google has billed Chrome OS to be one of the most secure operating system free from traditional security concerns, a couple of Chrome OSresearchers from WhiteHat security revealed at the Black Hat conference that the operating system is prone to may serious attacks. The researchers said to Black Hat attendees that they implied web-based hacker tricks to compromise with the security of the Chrome operating system. The researchers analyzed Chrome powered Cr-48 notebooks and found that users are vulnerable to attacks which can exploit a user’s mail, passwords, documents and several other things which are managed by Google.

The two researchers Matt Johanson and Kyle Osborn the hack allowed them to exploit a user’s Google’s Docs, Google Voice messages, contacts etc. They said that they found the flaw in ScratchPad which is a pre-installed extension in Chrome OS which allows users to save their notes in Google docs. The researchers showed XSS vulnerability in Scratchpad by which an attacker can go through an email of user and send instant messages to contact list of the users. Though they said the Google was quick to fix the issue, there are several areas where security still remains vulnerable. The researchers gave live demos of the hack as well.

Threats Identified From Chrome’s Reliance On Extensions

The threats for hacking Chrome OS, comes from Google’s dependence on extensions which are web based apps. Several extensions have bugs which can inject injected code and content into the browser of the visitor and steal information which are required by users to validate their user accounts. Johanson and Osborn observed that a bug of one extension allowed it to steal communication of another extension.

Meanwhile, a Google spokesperson said that the conversation relates to web and not of Chrome OS. The spokesperson further added that Chromebooks are equipped well enough to handle attacks on the web because of an effectively designed extensions model. Recently Google through a publication has said that it is writing more safe extensions for the Chrome OS.

{ 1 comment… read it below or add one }

1 Saif Hassan (saiftheboss7) 08.05.11 at 12:29 am

OOpps! I though it cannot be attacked!

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

Buzzify Networks

Google Chrome and Google™ is a Trademark of Google Inc - Google Chrome. - Sitemap - Privacy Policy - SEO Enhanced
This site chromeplugins.org is not affiliated with or sponsored by Google Inc.
Coming Soon Chrome Themes and Chrome Extensions