• Learn how to Run Mac Snow-Leopard on Ubuntu using Oracle Sun Virtual-box
  • Are you a Turbo C++ addict/? Learn how to emulate Turbo c++ with Dos-box in a few steps.
  • Ubuntu's purple love-- A Clean and minimalistic wallpaper for your Desktop.

WhiteHat Security hacks into Chrome OS, exposes extension vulnerability

Google is going through rough times, First, FusionX used the company's homepage to pry into a host of  SCADA systems, and then it was Androids Security Vulnerability issue.
But no matter how complicated and serious the problem, we've been seeing Google in its high Resilience, trying its best to be at the Top notch, but it looks like Google's issues are never ending, as soon as one issue gets solved another  is ready to take its place. Google has failed in securing its Chrome OS, and this issue was officially discussed at the Black Hat conference.

Chrome OS vulnerabilities were revealed at Black Hat 2011 in Las Vegas by Matt Johansen, WhiteHat Security Team Lead, on the right, and Kyle Osborn, Application Security Specialist focusing on offensive security for WhiteHat Security. Here's a screenshot of the actual demonstration revealing the security vulnerability hack into Chrome OS.

According to WhiteHat security researchers Matt Johansen and Kyle Osborn, one major issue is Google's vet-free app approval process, which leaves its Chrome Web Store susceptible to malicious extensions. But there are also vulnerabilities within native extensions, like ScratchPad -- a note-taking extension that stores data in Google Docs. Using a cross-site scripting injection, Johansen and Osborn were able to steal a user's contacts and cookies, which could give hackers access to other accounts, including Gmail. Google quickly patched the hole after WhiteHat uncovered it earlier this year, but researchers told Black Hat's attendees that they've discovered similar vulnerabilities in other extensions, as well.

In a statement, a Google spokesperson said, "This conversation is about the Web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels." The company went on to say that its laptops can ward off attacks better than most, thanks to "a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced."

Not to worry Chrome OS does remain one of the most secure platforms(atleast for now), thanks to Google’s work in ensuring holes are closed.


Post a Comment