Google released a hugely important patch for Chrome OS. The post about the patch in question states that it patched "a chain of exploits that gains code execution in guest mode across reboots, delivered via web page." The fact that the person won the top prize in their pwnium project means that the person in question managed to get a working rootkit. There is also mention of needing additional hardening, which may mean a whole class of vulnerabilities are present. One paranoid commentator on another site pointed to "a kernel key version update in the TPM" in the patch as meaning their old signing key having lead to the vulnerability.
One thing is sure, however, once the security embargo ends, that bug report might be a good read.
(Score: 0) by Anonymous Coward on Saturday October 01 2016, @04:12PM
They've learned the real lesson from the Microsoft case and have paid the necessary bribes.
(Score: 1, Informative) by Anonymous Coward on Saturday October 01 2016, @09:14PM
They don't have a monopoly because nobody uses that fucking OS.