Latest in Black hat

Image credit:

WhiteHat Security hacks into Chrome OS, exposes extension vulnerability at Black Hat

Amar Toor, @amartoo
08.06.11
62 Shares
Share
Tweet
Share
Save

Sponsored Links

It's been a rough Black Hat conference for Google. First, FusionX used the company's homepage to pry into a host of SCADA systems, and now, a pair of experts have discovered a way to hack into Chrome OS. According to WhiteHat security researchers Matt Johansen and Kyle Osborn, one major issue is Google's vet-free app approval process, which leaves its Chrome Web Store susceptible to malicious extensions. But there are also vulnerabilities within native extensions, like ScratchPad -- a note-taking extension that stores data in Google Docs. Using a cross-site scripting injection, Johansen and Osborn were able to steal a user's contacts and cookies, which could give hackers access to other accounts, including Gmail. Big G quickly patched the hole after WhiteHat uncovered it earlier this year, but researchers told Black Hat's attendees that they've discovered similar vulnerabilities in other extensions, as well. In a statement, a Google spokesperson said, "This conversation is about the Web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels." The company went on to say that its laptops can ward off attacks better than most, thanks to "a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
62 Shares
Share
Tweet
Share
Save

Popular on Engadget

Apple will manufacture its new Mac Pro in Texas

Apple will manufacture its new Mac Pro in Texas

View
Google's Play Pass app subscription service is now available

Google's Play Pass app subscription service is now available

View
Hyundai teams with Aptiv to put self-driving cars on the road by 2022

Hyundai teams with Aptiv to put self-driving cars on the road by 2022

View
Microsoft announces plan to make the Xbox carbon neutral

Microsoft announces plan to make the Xbox carbon neutral

View
Get ready for a week of home theater tech on Engadget

Get ready for a week of home theater tech on Engadget

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr