Chrome OS has security flaws, claims researcher

In citing the security holes in Chrome OS, Johansen specifically pointed to the ability of hackers who can steal data as it moves between the cloud and the Chrome OS browser instead of hacking directly into a user's PC.

"I can get at your online banking or your Facebook profile or your e-mail as it is being loaded in the browser," he told Reuters. "If I can exploit some kind of Web application to access that data, then I couldn't care less what is on the hard drive."

The vulnerable applications cited by Johansen are extensions downloaded from the Google Chrome Web Store. Though most other browsers also use extensions, Johansen believes there's a design flaw in Google Chrome OS that gives extensions "sweeping rights to access data stored on the cloud."

In response to Johansen's claims, a Google spokeswoman confirmed with CNET that the initial extension reported by the researcher was patched months ago but questioned the overall labeling of Chrome OS as vulnerable due to its use of extensions.

Source: CNET