Tag Archives: Chrome OS
Google plans to launch Chromium browser on Android platform. Although android is the product of Google, many have wondered about the absence of the obvious Chromium browser on the platform. Critic and Google supporters alike have wondered on the necessity of developing a separate Chrome OS when Android has already become immensely popular. The current browser present in Android is an open source browser like chrome. It is based on WebKit. However, the difference between the two is that while Chrome and Chromium are both open course browser, the android browser is a closed source one. Google now plans differently.
Google currently considered as the most powerful search engine today. Chrome, Google’s own browser have clearly entered the scene of web browsing and proven to be among the best since it has many features that could rival best of the best out there. As an example, of how good this browser, it has gained its market despite the dominance of Internet Explorer and Mozilla Firefox within a short period. Everyone thinks that chrome OS has no weakness, until recently proven by experts that the browser exposes people’s data for attacks.
During the Black Hat Security USA security conference yesterday, Whitehat Security researchers Matt Johansen and Kyle Osborn talked about numerous Chrome extension-based attack vectors. According to the two, the fundamental design defect is not going to be addressed easily.
Google Chrome OS developed around the web browser Google Chrome. Almost all of its functionality takes place from web-based apps and extensions, available for downloading at their web-based store. However, it also opens the possibilities for an attack.
Anyone surfing through the web store shall notice that there are extensions and apps that have warning signs. All of the extensions and apps can become a security issue.
It will be easy for attackers to come up with a malicious capable of using social engineering to trick users to install it. Particularly, since the Chrome Web Store submission process now automatic.
The extensions allow the attacker to gain access to people’s data. The extensions designed to use credentials (cookies) for requesting data from websites.
The rogue extension is not only the one that poses such security threats. Vulnerable ones pose similar threats. For instance, a cross-site scripting defect in a website can be abused to attack the website, but an XSS weakness in a Chrome extension can be controlled to attack the entire websites that are open in the browser.
Having several people to install a rogue extension can prove not that easy to implement, this limits the possibility of security attack. However, there are a lot more potential victims if one popular extension can be exploited by an attacker.
Senior security advisor at Sophos, Chester Wisniewski says that people should worry about the existing popular extensions that are vulnerable for such attacks. It allows the attacker to seize everything that happens in the browser session.
Wisniewski also added the fact that all the extensions available in the Chrome Web Store not intended for security purposes, making them more vulnerable.
The researchers assert that Google has been open with addressing the problems. However, it is not that easy to fix it as Chrome design complicate things.
Google believes that their ChromeOS secured than most operating system available for the personal computer today. However, security agency Whitehat denies that ChromeOS secured.
Security researcher for WhiteHat Security, Matt Johansen shares some flaws about ChromeOS as a sample for what people could expect from the upcoming Blackhat security conference in Las Vegas. Johansen tells everyone that Google provided them with a cr-48 Chromebook, which has the operating system ChromeOS so that they could find any lack of security in the operating system. They are able to hack the system within a short-time.
ChromeOS differs from other operating system since the data can be found on the cloud. ChromeOS would be harder to be hack than most OS.
According to Johansen, they exploited the system using a different strategy not used by hackers.
He believes it that it would work just like in the case of smartphones’ malware installed into the device. Users would want to install an application to ChromeOS to max out the capabilities of the OS.
Upon installation, the apps get permission from the user to access data stored on cloud. Although, there is a safety program that ask the user if they would want the application to be stored into the system, some users never think about it and just agrees on installing the device.
The risk started once the app gets authorization from user that it could now access the data in the cloud server and do malicious activity. A good example would be the Scratchpad notetaking app, installed in the ChromeOS as it got installed into the computer. There is a go-ahead signal for the ScratchPad to auto-sync with a users Google Docs account.
The problem with having Google Doc is that Google Docs allow its users to share documents with other users, but lacks the ability to ask the receiving user if they want the document or not. Once Scratchpad running, Google authenticates the logged user, a loop-hole that can be detected and taken advantage of by hackers. The attacker would then embed or share a malicious link that could steal credentials, history or other important data.
As the wide open permission means trouble, it does not mean that the damage cannot be done without permission, as well.
Operating system using hard drive and OS using cloud in storing the data faces the same security risk. As all operating system vulnerable from attacks online.
In the last part of the conversation, Johansen said that they exploited the extension to attack the OS.
Google announces the Chromebook
Long back Google announced its Chrome OS and we have tried a bit of prototype Chrome OS when we glimpsed netbook Cr-48 at beta testing. Google finally announced its launch at I/O developer event. Google Chromebooks will be made available from June 15 in the US, Germany, Italy, Netherlands, Spain and the UK and later, Chromebooks will be launched in many more countries. Chromebooks working on Samsung and Acer machines are made available on Best Buy and Amazon.
Here is a good news that Google Choromebooks are now on sale in the seven courtiers including the UK, The US, France, Spain, Germany, Italy as well as the Netherlands. Though there were some available provider in the US those started from the last week, but this exclusivity dot not quite able to last very long.
Here is not over, I am also giving a list of website from where you can purchase this product if you belongs from the said country. Just read the following list carefully:
- For UK: Amazon .co .uk and PC World,
- For US: Amazon.com and Best Buy,
- For France: Amazon.fr,
- For Germany Amazon.de,
- For Italy and Spain: PIXmania.com,
- And for Netherlands Laptopshop.nl.
Google has unveiled their Chromebook and Chromebox devices at last month, aside from that the first device are made by the Acer and Samsung, though the company confirmed it later that they are now keeping their focus of Chrome OS on notebooks and they have not fix any additional plan of merging it with Android.
The Acer’s version will cost around $350, that is associated with a 11.6 inch display along with a dual-core Intel Atom Processor, not only that this beautiful device has lots of interesting specification such as Dual Brand Wi-Fi, High Definition web camera, noise cancelling microphone, 2 microUSB v 2.0 port, four in one card reader, HDMI port and an optional 3G support. Also this device offers six hours of continuous usage by its battery.
Though Samsung intends to charge a little more than Acer for its Chromebook, they set its price at $430 for the Wi-Fi only and $500 for the integrated 3G connectivity, which also include a 12.1 inch display support along with great battery life of 8.5 hours. Also those upgrades push it to the total weight of 3.26 lbs.