Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Saturday October 01 2016, @02:22PM   Printer-friendly
from the this-could-be-a-lot-of-people dept.

Google released a hugely important patch for Chrome OS. The post about the patch in question states that it patched "a chain of exploits that gains code execution in guest mode across reboots, delivered via web page." The fact that the person won the top prize in their pwnium project means that the person in question managed to get a working rootkit. There is also mention of needing additional hardening, which may mean a whole class of vulnerabilities are present. One paranoid commentator on another site pointed to "a kernel key version update in the TPM" in the patch as meaning their old signing key having lead to the vulnerability.

One thing is sure, however, once the security embargo ends, that bug report might be a good read.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0, Troll) by Ethanol-fueled on Saturday October 01 2016, @02:27PM

    by Ethanol-fueled (2792) on Saturday October 01 2016, @02:27PM (#408778) Homepage

    This was hiding in plain sight, as even the Chrome logo looks like a gaping dilapidated asshole worthy of the Great Goatse himself.

    It's also one of the most annoying browsers ever coded, try to mess with the privacy settings and you'll see what I mean. It was designed by weasel snake bastards and even Chromium sucks ass. I'm going to use my degree in Computer Sciences from PoopooPoot Upstairs University of India to fix it.

    Thank you come again!

    • (Score: 3, Touché) by Anonymous Coward on Saturday October 01 2016, @02:52PM

      by Anonymous Coward on Saturday October 01 2016, @02:52PM (#408789)

      a gaping dilapidated asshole worthy of the Great Goatse himself.

      Now that we've heard from the local expert we can close this discussion.

    • (Score: 0) by Anonymous Coward on Saturday October 01 2016, @03:26PM

      by Anonymous Coward on Saturday October 01 2016, @03:26PM (#408799)

      reading comprehension fail:

      chrome != chrome os

      • (Score: 0) by Anonymous Coward on Saturday October 01 2016, @03:35PM

        by Anonymous Coward on Saturday October 01 2016, @03:35PM (#408801)

        Chrome OS requires you to close and restart the browser to update it. The browser is the main component of Chrome OS.

        • (Score: 3, Interesting) by Ethanol-fueled on Saturday October 01 2016, @03:45PM

          by Ethanol-fueled (2792) on Saturday October 01 2016, @03:45PM (#408807) Homepage

          The parent is right, though, I did jump the gun and just wanted an excuse to discuss Goatse and its butt-rammifications of technology.

  • (Score: 2) by butthurt on Saturday October 01 2016, @02:57PM

    by butthurt (6141) on Saturday October 01 2016, @02:57PM (#408791) Journal

    I have heard that Chrome OS patches itself automatically. Is that not true?

    Chrome is updated automatically every six weeks or so. There are no prompts asking whether or not you would like to install a security fix or a patch or a service pack.

    -- https://www.fastcompany.com/1708277/google-chrome-vs-microsoft-windows-browser-battle-escalates-os-war [fastcompany.com]

    [...] the latest software updates and security patches would be installed automatically over the Web. Chrome OS devices will be able to detect whether the latest security patches have been installed, Papakipos said, and will even be able to re-image the system while preserving user settings.

    -- http://www.infoworld.com/article/2683638/techology-business/google-s-chrome-os--a-web-appliance--not-a-pc.html [infoworld.com]

    • (Score: 0) by Anonymous Coward on Saturday October 01 2016, @03:03PM

      by Anonymous Coward on Saturday October 01 2016, @03:03PM (#408794)

      Not if you don't close the browser. I might have it open for days or weeks without closing the damn thing.

      • (Score: 2) by mrclisdue on Saturday October 01 2016, @03:31PM

        by mrclisdue (680) on Saturday October 01 2016, @03:31PM (#408800)

        as already posted:

        reading comprehension fail:
        chrome != chrome os

        • (Score: 0) by Anonymous Coward on Saturday October 01 2016, @03:42PM

          by Anonymous Coward on Saturday October 01 2016, @03:42PM (#408804)

          "a chain of exploits that gains code execution in guest mode across reboots, delivered via web page."

        • (Score: 2) by mrclisdue on Saturday October 01 2016, @03:43PM

          by mrclisdue (680) on Saturday October 01 2016, @03:43PM (#408805)

          apologies for previous post, smartphone and thumbs sometimes don't work too well, and it was submitted before I was finished...

          I wanted to point out, as someone else has, that the browser is integral to the os, therefore you're correct in that the browser must be closed...

          back to the shadows

          • (Score: 0) by Anonymous Coward on Saturday October 01 2016, @03:55PM

            by Anonymous Coward on Saturday October 01 2016, @03:55PM (#408809)

            browser is integral to the os

            So why hasn't Google been sued by the EU, a la MS?

            • (Score: 0) by Anonymous Coward on Saturday October 01 2016, @04:12PM

              by Anonymous Coward on Saturday October 01 2016, @04:12PM (#408812)

              They've learned the real lesson from the Microsoft case and have paid the necessary bribes.

              • (Score: 1, Informative) by Anonymous Coward on Saturday October 01 2016, @09:14PM

                by Anonymous Coward on Saturday October 01 2016, @09:14PM (#408873)

                They don't have a monopoly because nobody uses that fucking OS.

    • (Score: 2) by butthurt on Saturday October 01 2016, @11:45PM

      by butthurt (6141) on Saturday October 01 2016, @11:45PM (#408905) Journal

      Perhaps I should have quoted at more length:

      Chrome is updated automatically every six weeks or so. There are no prompts asking whether or not you would like to install a security fix or a patch or a service pack. When the Chrome OS is on, it is the most up-to-date version, no matter what.