As you may have read, two researchers from WhiteHat Security’s Threat Research Center recently spoke about security flaws in Google’s Chrome OS.
Matt Johansen and Kyle Osborn spoke at a Black Hat security conference in Las Vegas on August 3, and said they were able to execute successful hacks and retrieve users’ emails, Google Docs, contacts, and Google Voice messages.
Google Chrome OS extensions, like other web applications, have various permission levels. These permission levels, according to the researchers, can be exploited and allows hackers the ability to insert JavaScript malware into target computers and steal sensitive information.
A Google spokesperson addressed the issue: “This conversation is about the Web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels. They are also better equipped to handle the Web attacks that can affect browsers on any computing device, thanks in part to a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced.”
The researchers did note that Google has been responsive and has issued recommendations for writing healthier extensions, since they pointed out the security flaws.
