Do you think the recently revealed flaws in the Google Chrome extensions that enable the functionality on Chromebook...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
notebooks represent a fundamental flaw in the design of the platform? Should they affect how we conduct our risk assessment regarding whether to allow these devices on the network?
As Google states, the Google Chrome extension flaws are more Web security flaws than operating system-level flaws. This is not to minimize the risk from this security vulnerability in Chromebooks or the VUPEN attacks on Chrome. But, the fact that security researchers and attackers are shifting their tactics away from attacking the OS via the browser to using the browser to abuse Web application insecurities illustrates security improvements have been made in the Chromebook OS. This specific attack also illustrates weaknesses in the design of the Chrome Web browser extensions.
A mobile device risk assessment for Chromebook security should be more comprehensive than just looking at the risk around the browser plug-ins or even evaluating the Chrome Web browser. If you are evaluating risks to Web browsers in use on your network, you will want to identify browser plug-ins that may be used on your systems, like ActiveX controls, Java, Flash, etc. A risk assessment of Chromebooks may come down to just evaluating the Chrome Web browser since the platform’s security features include a lengthy list of security capabilities. Also, one of the fundamental components of using Chromebooks is using cloud-based services, so the potential cloud-based services should be included in the risk assessment.
Dig Deeper on Handheld and Mobile Device Security Best Practices
Related Q&A from Nick Lewis
A rise in ransomware attacks has been attributed to a new service model for cybercriminals. Nick Lewis explains what's behind this new threat.continue reading
A malware tool that helped to compile the Zeus Trojan has been leaked on the Web. Expert Nick Lewis explains what this means for enterprise security ...continue reading
When it comes to state-sponsored attacks infecting mobile devices, do users have any chance of tracing the attack? Expert Nick Lewis offers some ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.