Do you think the recently revealed flaws in the Google Chrome extensions that enable the functionality on Chromebook...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
notebooks represent a fundamental flaw in the design of the platform? Should they affect how we conduct our risk assessment regarding whether to allow these devices on the network?
As Google states, the Google Chrome extension flaws are more Web security flaws than operating system-level flaws. This is not to minimize the risk from this security vulnerability in Chromebooks or the VUPEN attacks on Chrome. But, the fact that security researchers and attackers are shifting their tactics away from attacking the OS via the browser to using the browser to abuse Web application insecurities illustrates security improvements have been made in the Chromebook OS. This specific attack also illustrates weaknesses in the design of the Chrome Web browser extensions.
A mobile device risk assessment for Chromebook security should be more comprehensive than just looking at the risk around the browser plug-ins or even evaluating the Chrome Web browser. If you are evaluating risks to Web browsers in use on your network, you will want to identify browser plug-ins that may be used on your systems, like ActiveX controls, Java, Flash, etc. A risk assessment of Chromebooks may come down to just evaluating the Chrome Web browser since the platform’s security features include a lengthy list of security capabilities. Also, one of the fundamental components of using Chromebooks is using cloud-based services, so the potential cloud-based services should be included in the risk assessment.
Dig Deeper on Handheld and Mobile Device Security Best Practices
Related Q&A from Nick Lewis
The BENIGNCERTAIN exploit affects certain versions of Cisco systems using the IKEv1 protocol. Expert Nick Lewis explains what the protocol does and ...continue reading
Enterprises with open FTP servers are being targeted by Miner-C malware for crypto coin mining activities. Expert Nick Lewis explains how enterprises...continue reading
MedSec and Muddy Waters Capital revealed serious flaws in IoT medical devices manufactured by St. Jude Medical. Expert Nick Lewis explains the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.