Well, somebody’s finally done it. Google’s been selling us for quite a while on just how secure Chrome is, and they haven’t really lied to us. Getting into the OS or the browser for that matter has proved pretty darn difficult. But at the Black Hat security conference two researchers with White Hat Security have gotten into Chrome OS.
The flaw is in ScratchPad, a Chrome app that allows users to compose text files and then save them to Google Docs. Through it, the attacker can gain access to a person’s e-mail, contacts, and Google Docs and Voice accounts. Give Google some credit here though, the two redarchers working on this – Matt Johanson and Kyle Osborn — said they spent months looking for a hole, and must have only found one now.