A little-known behavior in Chrome OS could reveal a user’s movements through Wi-Fi logs. Leveraging Chrome OS’s Guest mode feature, the attack would require physical access to the device, but it can be executed without knowing the user’s password or having login access.
The bug was flagged to The Verge by the Committee on Liberatory Information Technology, a tech collective that includes several former Googlers.
“We are looking into this issue,” said a Google spokesperson. “In the meantime, device owners can turn off guest mode and disable the creation of new users.” Instructions for turning off Guest browsing are available here.
The bug stems from the…