- Mar 15, 2011
- 13,070
Security researchers have identified vulnerabilities in Chrome OS extensions that allow attackers to steal sensitive data and access the victim's accounts.
According to Reuters, researchers Matt Johansen and Kyle Osborn of WhiteHat Security discovered originally discovered the hole in a Chrome OS note-taking application.
Google fixed the problem earlier this year and paid the researchers $1,000 through its security reward program, however, the two experts have since identified the same type of vulnerability in multiple Chrome extensions.
Google flaunts Chrome OS systems as more secure than regular PCs because they lack many attack vectors and benefit from additional security layers like sandboxing and integrity checks.
However, as a Web-oriented operating system, Chrome OS is dependent on extensions and apps for additional functionality and that by itself exposes a large attack surface.
More Info