Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • No, ChromeOS isn’t impervious

    Posted on November 8th, 2017 at 03:13 woody Comment on the AskWoody Lounge

    Just so you know, Google awarded a $100,000 bug bounty to an anonymous contributor for finding a security hole in a beta version of ChromeOS.

    According to Google’s release notes for the current version of ChromeOS, from two weeks ago:

    Stable Channel Update for Chrome OS / Security Fixes

    [$100,000][766253] Critical: Persistent code execution on Chrome OS. Reported by Anonymous on 2017-09-18

    It’s the kind of security hole we see a half-dozen times a month in Windows. Google caught and fixed the bug before releasing the version of ChromeOS:

    We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

    A very different mindset, yes?

    If that helped, take a second to support AskWoody on Patreon

    Home Forums No, ChromeOS isn’t impervious

    This topic contains 5 replies, has 6 voices, and was last updated by  Ascaris 11 months, 2 weeks ago.

    • Author
    • #144648 Reply

      Da Boss

      Just so you know, Google awarded a $100,000 bug bounty to an anonymous contributor for finding a security hole in a beta version of ChromeOS. Accordin
      [See the full post at: No, ChromeOS isn’t impervious]

      2 users thanked author for this post.
    • #144653 Reply

      AskWoody Lounger

      Da Boss needs to get more sleep!

      1 user thanked author for this post.
    • #144728 Reply

      AskWoody Lounger

      You know I tried a couple Chromebooks when they first came out. Never had a issue with the OS itself but at the time apps were not so plentiful and wasn’t close to offering Android apps. But my biggest issue was the weak hardware or a over priced Pixel notebook. Not much in between in price. Actually running Neverware on a older notebook for someone I realized if you can find a decent size Chromebook with a good core i3 or i5 you really have a  good notebook.  Before I would buy a Windows 10S notebook I would buy a Chromebook for sure. I still believe the OS is better at protecting users then Windows will ever be.

      • #144893 Reply

        AskWoody MVP

        Before I would buy a Windows 10S notebook I would buy a Chromebook for sure. I still believe the OS is better at protecting users then Windows will ever be.

        In terms of malware, that’s very likely true.  In terms of privacy, though, I would have to cautiously give the benefit to Microsoft, at least for now.  Yes, they’ve got telemetry all over the place these days, but so far, it seems that what it is being used for is just what they claim– to find and fix Windows bugs.  Of course, the rest of the story is that they need the end users to find bugs because they saved money by not finding them in-house prior to release, which kind of puts a darker shade on the “we’re just using the data to fix Windows to make it better!” claim.  While ostensibly true, it wouldn’t be so important that they would have to force updates and not allow telemetry to be turned completely off if they bothered to test it themselves.

        In contrast, Google slurps data by the terabyte to target us with advertising.  While MS has no specific incentive (as long as the current paradigm of using the telemetry to fix bugs holds) to slurp up personal data and to create a detailed profile of every person in the world, Google is doing just that.  That’s bad enough in and of itself, but by definition, any data that exist can possibly be stolen by leakers, hackers, or be “requested” by a government.  Data that don’t exist do not present that risk, and Microsoft’s data are less likely to have that kind of detailed record than Google’s.

        People assume that MS is going to use the data for ads, whether they use it in-house or sell it to eager advertising companies (in an era where Google dominates nearly everything, it just seems “normal” that slurped data be used in that way), but that so far remains only a possibility, as far as I know.  It’s a real concern, and with the way Microsoft has been conducting business lately, I wouldn’t swear on a stack of dictionaries that they would never do that.  It’s just a “maybe” for the time being.

        Google, though, actually (and undeniably) does collect vast amounts of data about everyone it can, and they do use it to target people with ads.  Advertising is how they Google makes their money, and they have never tried to hide this.  It’s long since been accepted by most people, even if with a shrug and a “what ya gonna do.”

        MS, on the other hand, tried to use Google’s data slurping habits against them in the “Scroogled” campaign, only to turn around and turn into slurpers themselves.  That, along with the various other aggressive moves MS has made toward Windows users, gives a sneaky, sinister kind of vibe when it comes to their telemetry.  For that, they have no one to blame but themselves.

        I wonder if MS would have ended up getting more telemetry data if they had just given people the “off” button in Windows 10 from the very start.  The hullabaloo over the “can’t turn it off” telemetry never would have happened, and a lot of people who avoided 10 or who migrated to 10 but took measures to defeat the telemetry might not have ever thought to worry about it.

        Group L (Linux): KDE Neon User Edition 5.14.1 (based on Ubuntu 18.04) + Windows 7 in Virtualbox VM

        2 users thanked author for this post.
    • #144730 Reply

      AskWoody Lounger

      Just now received the chrome update. Seems to work fine.

    • #144748 Reply

      AskWoody MVP

      This week’s stable channel release was noted in the Chomebooks and ChromeOS for Windows wonks topic recently, as it was a security update:

      Stable Channel Update for Chrome OS

      Friday, November 3, 2017

      The Stable channel has been updated to 62.0.3202.82 (Platform version: 9901.66.0) for most* Chrome OS devices. This build contains a number of bug fixes and security updates. Systems will be receiving updates over the next several days.
      *Devices with the Play Store will be rolling out over the next few days.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: No, ChromeOS isn’t impervious

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: