A useful feature of Chrome OS is Guest Mode, which essentially acts as an incognito mode for a friend or family member to use your machine without access to any of your data. Unfortunately, though, there’s a bug that can actually reveal your location data to another user who is on Chromebook’s guest mode.
This bug comes from how Chrome OS handles Wi-Fi logs. That data, when accessed, can tell a knowledgeable user which Wi-Fi networks that machine has accessed for up to the past seven days. Combined with other data, this could expose the location history of the Chromebook’s owner, all without requiring a password or any clever methods. The data is just sitting right there in local storage.
This issue – which was first flagged by the Committee on Liberatory Information Technology, a group of people that includes former Googlers (via The Verge) – isn’t something most people should need to worry about, as it requires local, physical access to the device. Still, it’s an issue the committee claims Google has known about “for years” without acting on it and one that Andrés Arrieta, a researcher for the Electronic Frontier Foundation, says is “of particular concern for targeted and marginalized communities,” adding that “security teams should try to better understand the potential repercussions of those bugs for all their users and include that in their assessment and prioritization of bugs.”
When reached out to by The Verge regarding the bug, Google said:
We are looking into this issue. In the meantime, device owners can turn off guest mode and disable the creation of new users.
More on Chrome OS:
- Chromebooks are getting Android 11 in beta w/ dark mode support, better app scaling
- Google adds new ‘Imaginary’ wallpaper collection to Chromebooks [Gallery]
- Lenovo launches four new Chromebooks aimed squarely at the education sector
Author: Ben Schoon
Source: 9TO5Google
