by Fahmida Y. Rashid, eWeek
In a preview of a demonstration at the upcoming Black Hat security conference, a security researcher demonstrated how browser extensions can be used to compromise Chrome OS. The Chrome extension ScratchPad had a wide-range of permissions that made it vulnerable to a cross-site scripting attack, Matt Johansen, an application security specialist at WhiteHat Security said July 14 in a preview of a presentation he will be making at Black Hat. Johansen did his work on the Google CR-48 Beta laptop released last fall, but said malicious extensions would affect any device running Chrome OS, whether it’s the CR-48 or the Chromebook.
Share on Facebook