Do you think the recently revealed flaws in the Google Chrome extensions that enable the functionality on Chromebook...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
notebooks represent a fundamental flaw in the design of the platform? Should they affect how we conduct our risk assessment regarding whether to allow these devices on the network?
As Google states, the Google Chrome extension flaws are more Web security flaws than operating system-level flaws. This is not to minimize the risk from this security vulnerability in Chromebooks or the VUPEN attacks on Chrome. But, the fact that security researchers and attackers are shifting their tactics away from attacking the OS via the browser to using the browser to abuse Web application insecurities illustrates security improvements have been made in the Chromebook OS. This specific attack also illustrates weaknesses in the design of the Chrome Web browser extensions.
A mobile device risk assessment for Chromebook security should be more comprehensive than just looking at the risk around the browser plug-ins or even evaluating the Chrome Web browser. If you are evaluating risks to Web browsers in use on your network, you will want to identify browser plug-ins that may be used on your systems, like ActiveX controls, Java, Flash, etc. A risk assessment of Chromebooks may come down to just evaluating the Chrome Web browser since the platform’s security features include a lengthy list of security capabilities. Also, one of the fundamental components of using Chromebooks is using cloud-based services, so the potential cloud-based services should be included in the risk assessment.
Related Q&A from Nick Lewis
As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick ...continue reading
A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against...continue reading
A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.