Skip to main content

Chromebook security in question due to flawed Google Chrome extensions

posted onAugust 4, 2011
by l33tdawg

Flaws in Google Chrome extensions could enable attackers to steal account credentials, hijack browser sessions and virtually take over a victim’s computer without their knowledge, according to two researchers at WhiteHat Security Inc. They say the flaws jeopardize Chromebook security. Chromebook, the new Web-based laptop/netbook platform based on the Google Chrome OS, relies on extensions for its functionality. 

In a presentation at Black Hat 2011, Matt Johansen and Kyle Osborn of Santa Clara Calif.-based WhiteHat Security, demonstrated ways cybercriminals can use extensions by targeting cross-site scripting (XSS) vulnerabilities, a common Web-application coding error frequently targeted by attackers. The issue could have a wide-ranging impact on Google Chromebook users, who must rely on Chrome extensions to access documents and other information.

“The software security model we’ve been dealing with for decades now has been reframed,” Johansen said.  “It’s moved into the cloud and if you’re logged into bank, social network and email accounts, why do I care what’s stored in your hard drive?”

Source

Tags

Google Chrome Hardware

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th