updated 08:50 pm EDT, Sat August 6, 2011
Chrome OS exploits uncovered at Black Hat
Chrome OS is vulnerable both to extensions and, to some extent, to Google's own approach to security, WhiteHat Security experts led by Matt Johansen revealed in a presentation at the Black Hat conference this week. Because extensions have to reach outside sites and the OS depends on this code for extra features, it's possible to compromise the OS itself by installing a malicious extension. While not an issue by itself, CNET noted that extensions have shown up in Google's own Chrome Web Store explicitly meant to steal information, and others get deep access that could be misappropriated.
Johansen noted that there didn't appear to be vetting for the extensions in the web store. Although they can be marked as safe, extensions that clearly shouldn't have been on the store were marked as safe.
"We actually saw an extension in the Chrome Web Store called Cookie Stealer that did precisely that," the researcher said. "But hey, it had the checkmark next to it that it was verified safe and secure."
Chrome OS did still have some security elements that gave it advantages, many of which were borrowed from the regular Chrome browser. Tabs are sandboxed from each other to prevent spying on secure data from another tab, browser exploits have to happen locally, and the OS is responsible for its own plugins. Google argued that the vulnerabilities were all about the web, not the OS.
With the web representing virtually the entire OS, though, Johansen noted that there were relatively few layers. Chrome OS has no anti-malware beyond what the regular OS itself offers, leaving the owner to make more of the decisions about what content is safe. "The issue of permissions is complicated because it basically turns the end user into a firewall," he said.