British secret service has reservations about Chrome OS
The British secret service has reservations about the security of Chrome OS, Google’s operating system that is used on Chromebooks, among other things. According to the GCHQ, the encryption is not good enough; the same goes for the vpn client.
Chrome OS’s VPN client doesn’t support “certain measures expected from secure VPNs,” writes a GCHQ department that advises UK government agencies and businesses on computer security. For example, ‘traffic is sent to Google before the VPN connection is enabled’, which can lead to data leakage. It is not possible to install another VPN client yourself, the service emphasizes.
The encryption of Chrome OS is also not optimal, according to the secret service. According to the service, functionality that may be expected from encryption is missing, but exactly what that is remains unnamed. In addition, there is no limit to the number of login attempts if a user has locked the screen but has not been logged out. As a result, there is a greater risk that the password can be guessed, the secret service notes.
Finally, Chrome OS relies heavily on Google servers. Logging in to a device is done via a Google login, and devices are also managed via a Google admin console, the service notes.