SoylentNews is people
SoylentNews
posted by
cmn32480
on Saturday October 01 2016, @02:22PM
from the this-could-be-a-lot-of-people dept.
from the this-could-be-a-lot-of-people dept.
Google released a hugely important patch for Chrome OS. The post about the patch in question states that it patched "a chain of exploits that gains code execution in guest mode across reboots, delivered via web page." The fact that the person won the top prize in their pwnium project means that the person in question managed to get a working rootkit. There is also mention of needing additional hardening, which may mean a whole class of vulnerabilities are present. One paranoid commentator on another site pointed to "a kernel key version update in the TPM" in the patch as meaning their old signing key having lead to the vulnerability.
One thing is sure, however, once the security embargo ends, that bug report might be a good read.
This discussion has been archived.
No new comments can be posted.
Huge security update for Chrome OS -- Patch immediately
|
Log In/Create an Account
| Top
| 14 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
"The subspace _W inherits the other 8 properties of _V. And there aren't
even any property taxes."
-- J. MacKay, Mathematics 134b
(Score: 2) by butthurt on Saturday October 01 2016, @11:45PM
Perhaps I should have quoted at more length:
Chrome is updated automatically every six weeks or so. There are no prompts asking whether or not you would like to install a security fix or a patch or a service pack. When the Chrome OS is on, it is the most up-to-date version, no matter what.