Do you think the recently revealed flaws in the Google Chrome extensions that enable the functionality on Chromebook...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
notebooks represent a fundamental flaw in the design of the platform? Should they affect how we conduct our risk assessment regarding whether to allow these devices on the network?
As Google states, the Google Chrome extension flaws are more Web security flaws than operating system-level flaws. This is not to minimize the risk from this security vulnerability in Chromebooks or the VUPEN attacks on Chrome. But, the fact that security researchers and attackers are shifting their tactics away from attacking the OS via the browser to using the browser to abuse Web application insecurities illustrates security improvements have been made in the Chromebook OS. This specific attack also illustrates weaknesses in the design of the Chrome Web browser extensions.
A mobile device risk assessment for Chromebook security should be more comprehensive than just looking at the risk around the browser plug-ins or even evaluating the Chrome Web browser. If you are evaluating risks to Web browsers in use on your network, you will want to identify browser plug-ins that may be used on your systems, like ActiveX controls, Java, Flash, etc. A risk assessment of Chromebooks may come down to just evaluating the Chrome Web browser since the platform’s security features include a lengthy list of security capabilities. Also, one of the fundamental components of using Chromebooks is using cloud-based services, so the potential cloud-based services should be included in the risk assessment.
Dig Deeper on Handheld and Mobile Device Security Best Practices
Related Q&A from Nick Lewis
Locky ransomware has borrowed features from Dridex malware, which focused on attacking banks. Expert Nick Lewis explains Locky's techniques and how ...continue reading
The Mazar malware can wipe an entire Android device once it has been installed. Expert Nick Lewis explains how this malware works, and how attacks ...continue reading
MouseJack, a wireless mouse and keyboard security flaw, allows attackers to type malicious commands. Expert Nick Lewis explains how enterprises can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.