Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Saturday October 01 2016, @02:22PM   Printer-friendly
from the this-could-be-a-lot-of-people dept.

Google released a hugely important patch for Chrome OS. The post about the patch in question states that it patched "a chain of exploits that gains code execution in guest mode across reboots, delivered via web page." The fact that the person won the top prize in their pwnium project means that the person in question managed to get a working rootkit. There is also mention of needing additional hardening, which may mean a whole class of vulnerabilities are present. One paranoid commentator on another site pointed to "a kernel key version update in the TPM" in the patch as meaning their old signing key having lead to the vulnerability.

One thing is sure, however, once the security embargo ends, that bug report might be a good read.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday October 01 2016, @03:26PM

    by Anonymous Coward on Saturday October 01 2016, @03:26PM (#408799)

    reading comprehension fail:

    chrome != chrome os

  • (Score: 0) by Anonymous Coward on Saturday October 01 2016, @03:35PM

    by Anonymous Coward on Saturday October 01 2016, @03:35PM (#408801)

    Chrome OS requires you to close and restart the browser to update it. The browser is the main component of Chrome OS.

    • (Score: 3, Interesting) by Ethanol-fueled on Saturday October 01 2016, @03:45PM

      by Ethanol-fueled (2792) on Saturday October 01 2016, @03:45PM (#408807) Homepage

      The parent is right, though, I did jump the gun and just wanted an excuse to discuss Goatse and its butt-rammifications of technology.