PC Pals Forum

Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: Simon on August 04, 2011, 23:45

Title: Researchers crack Chrome OS via extensions
Post by: Simon on August 04, 2011, 23:45

A pair of security researchers have found a way to steal data from Chrome OS via extensions.

Google claims Chrome OS is more secure than other OSes because - among other features - it is updated constantly, meaning it won't be left unpatched by users.

At the Black Hat conference in Las Vegas, Matt Johansen and Kyle Osborn from White Hat Security revealed how to steal user data by targeting extensions used by the browser-based operating system.

The researchers used a cross-site scripting attack targeting extensions, accessing data on any open tab - even if the webpage doesn't have a vulnerability of its own.

"You're talking about a super pared-down version of the operating system," Osborn told MIT's Tech Review. "And they're trying to rebuild functionality through extensions."

Indeed, the researchers said one simple way to target Chrome OS would be to create malicious extensions or apps, as Google doesn't vet either before letting users install them.

Read more: http://www.pcpro.co.uk/news/security/369118/researchers-crack-chrome-os-via-extensions

Title: Re: Researchers crack Chrome OS via extensions
Post by: Clive on August 05, 2011, 08:41

What are these extensions you talk of?   :dunno:

Title: Re: Researchers crack Chrome OS via extensions
Post by: Rik on August 05, 2011, 10:01

They're things people build on the backs of their houses, Clive. ;)

Title: Re: Researchers crack Chrome OS via extensions
Post by: Clive on August 05, 2011, 10:21

Ah!  Thanks Rik.   :thumbs: