WhiteHat Security hacks into Chrome OS, exposes extension vulnerability at Black Hat

Amar Toor, @amartoo
08.06.11

It's been a rough Black Hat conference for Google. First, FusionX used the company's homepage to pry into a host of SCADA systems, and now, a pair of experts have discovered a way to hack into Chrome OS. According to WhiteHat Security researchers Matt Johansen and Kyle Osborn, one major issue is Google's vet-free app approval process, which leaves its Chrome Web Store susceptible to malicious extensions. But there are also vulnerabilities within native extensions, like ScratchPad -- a note-taking extension that stores data in Google Docs. Using a cross-site scripting injection, Johansen and Osborn were able to steal a user's contacts and cookies, which could give hackers access to other accounts, including Gmail. Big G quickly patched the hole after WhiteHat uncovered it earlier this year, but researchers told Black Hat's attendees that they've discovered similar vulnerabilities in other extensions, as well. In a statement, a Google spokesperson said, "This conversation is about the Web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels." The company went on to say that its laptops can ward off attacks better than most, thanks to "a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced."
