A bug in the way Chrome OS stores Wi-Fi network logs could reveal your location history to anyone with physical access to your Chromebook.
The edge reported the bug, which was brought to their attention by the Committee on Liberatory Information Technology, a technology collective that includes several former Googlers. Additionally, a Google spokesperson informed The edge that the company was “looking into the problem.”
In short, Chrome OS stores logs detailing when and how it connects to the internet. While reading newspapers can be confusing, they can be deciphered. This reveals which Wi-Fi networks were within range of the Chromebook. Coupled with other available data, the logs could effectively reveal where the Chromebook has been during the time covered by the Wi-Fi logs, a period of up to seven days.
As for how to access the logs, Chrome OS stores them in unprotected memory. In other words, that means anyone can access it without a password, as long as they know where to look – browsing to a standardized address brings up the logs. Anyone with physical access to a Chromebook can open it in Guest mode and go to the standardized address to view the logs. Due to the way Chrome OS stores logs, all logs on this Chromebook can be viewed in Guest mode, not just those specific to that Guest’s session.
If you have a Chromebook, know that you don’t really have to worry – there are a few things to consider. First, the bug does not pose a great threat to cybercriminals. Instead, the bug is an important privacy issue, especially for those who are concerned about monitoring close people who might gain access to the device, such as family members or coworkers.
It’s also worth noting that Chromebook owners concerned about the bug can stop unauthorized access to Wi-Fi logs by disabling Guest Mode. You can find instructions on how to turn off guest mode here. Turning off guest mode won’t prevent Chrome OS from creating the problematic Wi-Fi logs, but it may prevent others from viewing them by restricting access to the Chromebook to people with an account and password. .
Source: The edge