A bug in the way Chrome OS stores logs of Wi-Fi networks could reveal your location history to anyone with physical access to your Chromebook.
The Verge reported on the bug, which was brought to them by the Committee on Liberatory Information Technology, a tech collective which includes several former Googlers. Further, a Google spokesperson informed The Verge that the company was “looking into the issue.”
In short, Chrome OS stores logs detailing when and how it connects to the internet. Although reading the logs can be confusing, they can be deciphered — doing so reveals which Wi-Fi networks were within range of the Chromebook. Coupled with the other available data, the logs could effectively reveal where the Chromebook has been over the time covered by the Wi-Fi logs, a period of up to seven days.
As for how to access the logs, Chrome OS stores them in unprotected memory. In other words, that means anyone can access them without a password, as long as they know where to look — navigating to a standardized address brings up the logs. Anyone with physical access to a Chromebook could open it in Guest mode and access the standardized address to view the logs. Because of how Chrome OS stores the logs, all logs for that Chromebook can be viewed from Guest mode, not just the ones specific to that Guest’s session.
If you have a Chromebook, it’s worth noting that you don’t really need to worry — there are a few things worth considering. First, the bug doesn’t pose much of a threat from cybercriminals. Instead, the bug is a significant privacy concern, especially for those worried about surveillance from people close to them that could access the device, such as family members or co-workers.
It’s also worth noting that Chromebook owners worried about the bug can shut down unauthorized access to the Wi-Fi logs by turning off Guest mode. You can find instructions on how to turn off Guest mode here. Turning off Guest mode doesn’t stop Chrome OS from creating the problematic Wi-Fi logs, but it can prevent others from viewing them by restricting access to the Chromebook to those with an account and password.
Source: The Verge