1Likes
LinkBack URL
About LinkBacks
Matt Johansen and Kyle Osborn presented their paper at Black Hat this morning titled "Hacking Google ChromeOS".
Google's netbook operating system has been touted as the first platform that has been designed to be malware free from the start. Users are not able to download/install/execute code on a ChromeBook, they are only allowed to download Chrome extensions.
Johansen and Osborn didn't bother to try and prove Google wrong, they simply looked into the implications of having everything "running" as an extension in the browser.
Their research impacts all users of Google Chrome, whether they happen to be using it as an OS or simply as their browser of choice.
They discovered two things... One is that if you are running JavaScript code on the device, your code could be vulnerable to a XSS (cross site scripting) attack.
When a website has a XSS vulnerability, it allows people to attack that specific site, but it does not effect others. What happens when you have a XSS vulnerability in an application in your browser?
Well, considering the API that Chrome provides for extension development, it allows an attacker to exploit any web site operating within that browser (including all other tabs).
They did point out that Google has been very responsive and has been working with them on solutions to mitigate the risks.
While it is easy to write a malicious application and upload it to the Chrome Web Store, you would have a difficult time getting a large number of people to install it.
Scary ehh ??? Have a nice day.
More & Source.
Results 1 to 6 of 6
- The Specialist *
- Join Date
- May 2010
- Location
- KOLKATA
- Posts
- 5,162
- Liked
- 731 times
- Points
- 47,580
BH 2011: Hacking Google ChromeOS
I don't need to know everything, I just need to know where to find it, when I need it.
- I'd rather be fishing!
- Join Date
- Jan 2011
- Location
- Minnesota, USA
- Posts
- 3,155
- Liked
- 1543 times
- Points
- 4,220
Thanks for the interesting read Indra.
INDRANIL likes this.Life isn't about waiting for the storm to pass, it's about learning to dance in the rain!
- Malware Hunter
- Join Date
- Sep 2009
- Location
- Kolkata, India
- Posts
- 485
- Liked
- 104 times
- Points
- 6,801
Nice share Indranil. Thanks.
- Guest
- Join Date
- May 2007
- Location
- Philippines
- Posts
- 4,006
- Liked
- 710 times
- Points
- 47,645
Wait a little longer and it's gonna be fun,fun and fun! No matter how good the security architecture of the platform is, it will always be a potential market for cyber-criminals.Google's netbook operating system has been touted as the first platform that has been designed to be malware free from the start. Users are not able to download/install/execute code on a ChromeBook, they are only allowed to download Chrome extensions."Stars and the Sun"
- I'd rather be fishing!
- Join Date
- Jan 2011
- Location
- Minnesota, USA
- Posts
- 3,155
- Liked
- 1543 times
- Points
- 4,220
Nothing like throwing out a challenge for someone hacker to overcome, eh? "I'm gonna break Google" probably gives them a reason to get up every morning.
Originally Posted by ceyfer 
- The Specialist *
- Join Date
- May 2010
- Location
- KOLKATA
- Posts
- 5,162
- Liked
- 731 times
- Points
- 47,580
Well said Bearcat
.
Reply With Quote
Originally Posted by ceyfer 
Similar Threads
-
Google blacklists 247 certificates. Is it related to DigiNotar hacking incident? !!
By INDRANIL in forum Spyware/VirusesReplies: 4Last Post: 09-03-2011, 02:22 AM -
Hacking
By pdevang in forum Spyware/VirusesReplies: 18Last Post: 09-19-2009, 01:34 PM -
Hacking Attempt?
By bahirzaheri8 in forum General ForumReplies: 18Last Post: 02-04-2009, 01:36 PM
