Wednesday , October 18 2017

Google comments regarding ChromeOS and Shellshock Bash bug

Shell-Shock-(1)
If you’ve been reading any IT related news over the last week, chances are you’ll be quite familiar with the Shellshock Bash bug which everyone has been talking about. The Shellshock Bash bug affects Bash, which at it’s basic core is an interpreter for Linux and Unix systems. Put simply, the Shellshock bug has the ability to let unknown users execute commands using Bash on desktops, servers and embedded systems all over the world – scary stuff.

If you’re wanting a complete run-down on Shellshock, the way it works and it’s implications, there’s an excellent run-down done by Troy Hunt, which you can read on his website.

ChromeOS at its core runs a Linux kernel and parts intersect with components which may be affected by the bug. But, because of the quite secure design of ChromeOS, it’s not really much to worry about, unless you’re running Developer mode. In Developer mode, there is a possibility that the Crosh shell could be impacted by the bug, but Google is on it already. Chromebook Community manager Andrea, has commented in the Chromebook Central product forum, advising:

Hi everyone,

The vast majority of users running Chrome OS were not affected by this issue. The only place there is a potential vulnerability is in conjunction with crosh, which must be started manually and does not allow access to the vulnerable functionality. We are releasing an update which will remediate the risk for crosh. Google takes security very seriously and takes every step to ensure the safety of our users and their data. We constantly monitor for security vulnerabilities, and will make the appropriate patches as quickly as possible.

Appreciate you taking the time to inquire!
-Andrea

So, we can expect something for the Developer channel of ChromeOS quite soon.

If you’re running Developer mode, there’s a good possibility you’re running Ubuntu through Crouton, or ChrUbuntu, in which case you may want to check your system using steps outlined on the Ubuntu forums .

The Shellshock Bash bug is no laughing matter, if you thought heartbleed was bad, this is worse. If you are using developer mode, and you’re worried, perhaps changing back to stable or Beta channels till the fix is released is a good idea.

 
Source: Google Groups, Ubuntu Forums, Troy Hunt, and Title Image Credit.

Daniel Tyson   Editor

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

Be the First to Comment!

avatar
wpDiscuz

Check Also

Samsung Galaxy Tab S3 now available at Optus on contract or outright

If you’re looking for a new high-end tablet it looks like Optus have begun selling …