Topic: Researchers crack Chrome OS via extensions

[Simon]

A pair of security researchers have found a way to steal data from Chrome OS via extensions.

Google claims Chrome OS is more secure than other OSes because - among other features - it is updated constantly, meaning it won't be left unpatched by users.

At the Black Hat conference in Las Vegas, Matt Johansen and Kyle Osborn from White Hat Security revealed how to steal user data by targeting extensions used by the browser-based operating system.

The researchers used a cross-site scripting attack targeting extensions, accessing data on any open tab - even if the webpage doesn't have a vulnerability of its own.

"You're talking about a super pared-down version of the operating system," Osborn told MIT's Tech Review. "And they're trying to rebuild functionality through extensions."

Indeed, the researchers said one simple way to target Chrome OS would be to create malicious extensions or apps, as Google doesn't vet either before letting users install them.

Read more: http://www.pcpro.co.uk/news/security/369118/researchers-crack-chrome-os-via-extensions

[Clive]

What are these extensions you talk of?   

[Rik]

They're things people build on the backs of their houses, Clive.

[Clive]

Ah!  Thanks Rik.