WhiteHat Security hacks into Chrome OS, exposes extension vulnerability at Black Hat

Filed under: News,Tech |


It’s been a rough Black Hat conference for Google. First, FusionX used the company’s homepage to pry into a host of SCADA systems, and now, a pair of experts have discovered a way to hack into Chrome OS . According to WhiteHat security researchers Matt Johansen and Kyle Osborn , one major issue is Google’s vet-free app approval process, which leaves its Chrome Web Store susceptible to malicious extensions. But there are also vulnerabilities within native extensions, like ScratchPad — a note-taking extension that stores data in Google Docs. Using a cross-site scripting injection, Johansen and Osborn were able to steal a user’s contacts and cookies, which could give hackers access to other accounts, including Gmail. Big G quickly patched the hole after WhiteHat uncovered it earlier this year, but researchers told Black Hat’s attendees that they’ve discovered similar vulnerabilities in other extensions, as well. In a statement, a Google spokesperson said, “This conversation is about the Web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels.” The company went on to say that its laptops can ward off attacks better than most, thanks to “a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced.” WhiteHat Security hacks into Chrome OS, exposes extension vulnerability at Black Hat originally appeared on Engadget on Sat, 06 Aug 2011 17:07:00 EDT. Please see our terms for use of feeds . Permalink

Related Posts Plugin for WordPress, Blogger...
Posted by on August 6, 2011. Filed under News, Tech. You can follow any responses to this entry through the RSS 2.0. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply