Vulnerabilities found in Google Chrome PC security

SHARE:



BOSTON: Google Inc brags that computers running its recently released Chrome operating system are a lot safer than traditional PCs, partly because user data is stored in the Internet cloud and not on the machine. 
Yet researchers at an independent computer security firm warn that the Chrome PC's reliance on Web computing makes it vulnerable to the same attacks that hackers have been launching on websites and Web browsers for years. 

Matt Johansen , a researcher with WhiteHat Security, said he identified a flaw in a Chrome OS note-taking application that he exploited to take control of a Google email account. He reported it to Google, which fixed the problem and gave him a $1,000 reward for pointing it out. Johansen said he has since discovered other applications with the same security flaw. 


"This is just the tip of the iceberg," he told Reuters. "This is just evolving around us. We can see this becoming a whole new field of malware." 
Google is betting that the launch of its Web-centric Chrome OS PCs will help reshape the the decades-old personal computer industry, challenging entrenched players such as Microsoft Corp and Apple Corp The first Chrome PC laptop, from Samsung, went on sale earlier this month. Early reviews have been mixed, with some influential technology hands noting that the concept of an always-Internet-connected PC may be ahead of its time and not ideal for mainstream users. 

One key to hacking Chrome OS is to capture data as it travels between the Chrome browser and the cloud, Johansen said. Hackers have until now mostly targeted data that sits on a machine's hard drive. 
"I can get at your online banking or your FaceBook profile or your email as it is being loaded in the browser," he said. "If I can exploit some kind of Web application to access that data, then I couldn't care less what is on the hard drive." 

Johansen declined to identify the applications with the security bugs. He and colleague Kyle Osborn are holding back that information for a presentation at Black Hat, a prestigious hacking conference to be held this August in Las Vegas. 

Those applications belong to a class of software programs known as "extensions," which users download from the Google Chrome Web Store . Extensions are essentially applications that run inside browsers 
The bulk of Chrome OS extensions are written by independent software developers, not by Google. 
Johansen said the problem with the extensions is related to a design flaw in Google Chrome OS: the operating system gives extensions sweeping rights to access data stored on the cloud. 

"Chrome is trusting these extensions more than it would be trusting just another website," he said. 
Executives at Google said they are looking to improve procedures that screen extensions for vulnerabilities before clearing them for the Chrome Web Store. 

Caesar Sengupta, director of Chrome OS, said the company was exploring "various ways" of trying to automatically tag questionable extensions. Yet he said that Google did not want to make it onerous for developers to get their extensions distributed through the marketplace. 

"We are trying to create a system that -- like the Web -- is open," he said. 
Alex Stamos, a security expert with iSec Partners who helped develop the security system for Chrome OS, said that it would be unfair to condemn the overall security of the new operating system just because of the issues cited by the WhiteHat researchers. 

"While things might not be perfect, we are talking about a much more controlled and secure environment than you have on Windows and Mac PCs ," he said.

COMMENTS

Name

4G,1,Aerospace Engineering,2,AFP Consortium,1,amazon,3,Amazon india coupons,3,AMD,1,android,13,Anonymous,3,Antivirus,1,app,11,apple,24,apps,4,Assurance,1,Audi,2,auto,6,automation software,2,automotive technology,9,banking,1,bitcoin,1,BlackBerry,5,blockchain,1,BMW,1,brands,1,browser,2,Business,2,business strategy,1,cameraphone,3,car,12,car technology,8,CES,1,chromebook,3,Cloud computing,3,cloud Technology,2,companies,3,Consortium,1,content marketing,2,corporate,1,coupons,3,cyber crime,5,cyber security,21,data,3,data recovery,1,deals,1,Dell Streak,1,devices,2,digital currency,1,digital marketing,6,disk,1,e commerce,1,eBay,1,ebook,1,ecommerce,4,Electric Cars,9,electronics sale,2,elon musk,2,email,1,energy,1,entrepreneur,1,entrepreneurship,2,facebook,24,financial tech,1,firefox,2,firefox os,2,Flipkart,2,future business,1,future technology,22,gadget,31,gamail,1,games,6,google,18,google cars,1,google glass,3,Google I/O,1,Google+,8,goole ranking,1,Graphics Card,1,hackers,14,hacking,7,hardware,5,Hosting,3,How To Guides,10,How Tos,7,icloud,2,Information Technology,13,infosec,9,innovation,36,internet,8,Internet Explorer,1,Internet of Things,2,ios,5,IoT,2,ipad,8,iPhone,10,iPhone 8,1,iWatch,1,Jabong,1,laptop,3,LinkedIn,2,Lotus Notes,3,MacBook,3,mackbook air,2,Mark Zuckerberg,4,Mercedes,1,messenger,1,microsoft,5,mobile app development,7,mobile apps,11,mobile broadband,1,mobile enterprise,9,mobile recharge,2,mobility,11,mobility management,6,Motorola Xoom,1,Myntra,1,network,4,nokia,1,NSA,2,Nvidia,1,Objective-C,1,online course,1,online education,1,online recharge,1,online shopping,3,opreating system,4,Outlook,2,P2P,1,page ranking,1,patent,1,Payment,1,PayTM,1,pc software,1,photoshop,1,playstation,1,Porsche,1,process management,2,Procure,1,programming,1,programming language,2,Quality,1,Redbus,1,remote control,1,renewable energy,2,review,8,samsung,5,search engine,1,security,10,Self Driving Cars,10,SEO,2,smartphone,11,sms,1,Snapdeal,2,social media,5,social network,9,software,10,startup,2,steve jobs,3,storage,1,strategy,1,Supercars,1,Swift,1,tablet,9,team management,1,tech,4,tech conference,1,Tech event,2,Ted talk,1,Tesla,2,Tesla Motors,3,timeline,1,toolbar,1,tools,2,torrent,1,touchscreen,2,trdx,1,tutorial,2,twitter,3,udacity,1,udemy,1,ultrabook,1,USB,1,video,1,video editor,1,Virtual Reality,1,Volvo,2,VPN,3,Wearable gadget,2,Wearable Tech,2,Web 4.0,1,web technology,2,Wi-Fi,1,wikileaks,2,windows,6,Windows 8,8,Windows 8 Preview,1,workplace,1,X Mountain Lion,2,xcode,1,
ltr
item
TechFond - Latest Technology News & Analysis | Innovation | Startups | Reviews: Vulnerabilities found in Google Chrome PC security
Vulnerabilities found in Google Chrome PC security
http://3.bp.blogspot.com/-GFTRfctgEuo/Tg04ShoH9uI/AAAAAAAAAr8/s4UM6f-aAXI/s320/google-chrome-logo.jpg
http://3.bp.blogspot.com/-GFTRfctgEuo/Tg04ShoH9uI/AAAAAAAAAr8/s4UM6f-aAXI/s72-c/google-chrome-logo.jpg
TechFond - Latest Technology News & Analysis | Innovation | Startups | Reviews
http://www.techfond.in/2011/06/vulnerabilities-found-in-google-chrome.html
http://www.techfond.in/
http://www.techfond.in/
http://www.techfond.in/2011/06/vulnerabilities-found-in-google-chrome.html
true
6925568668654321940
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy