ChromeOS uses an older kernel than even Debian Stable and RHEL. The older the kernel, the less the security risks. ChromeOS disables io_uring, which most (all?) other distros leave enabled. io_uring present a large attack surface. ChromeOS uses selinux and other containment technologies to contain the processes most vulnerable to adversarial input (namely, the browser and the media codecs). Fedora and RHEL use selinux, too, but there it is specialized in containing any internet services, e.g., a web server, that might be running on the machine: the browser and the media-file viewers (e.g., the PDF reader) are not constrained by selinux at all on Fedora and RHEL. This works fine for servers (which is Red Hat's bread and butter) but is almost useless for clients (devices used by end users). In contrast, the way selinux is used on ChromeOS is effective at securing a computer being used as an internet client.
It goes on and on. You should read the OP; it is really quite informative.
One thing that bothered me about this story for a long time was the fact that Google is pretty good at security, but Google allows its employees to use Linux on end-user devices. Then I realized that Google cannot trust its employees: with 40,000 software developers, Google must operate so as to be secure even if a few of those developers secretly hate Google and want it to fail or have been paid off or blackmailed into harming Google. The measures Google takes to protect against such employees (i.e., making sure that all code is reviewed by another developer before deployment, and making it so that a reviewer cannot choose which coders he reviews and vice-versa) naturally also protect against Linux running on the devices in front of the employees. (Even then Google is unsatisfied with the security of any of the publicly-available distros with the result that Google maintains its own internal Linux distro.)
> It goes on and on. You should read the OP; it is really quite informative.
I'm going to let this pass since I don't want to start a flamewar here but I think it's very rude to imply I didn't read the OP, and I think less of you for it.
So to summarize, you believe ChromeOS is immune to the Kernel's security vulnerabilities outlined in the OP because:
- it uses sandboxing (unrelated to kernel security)
- disabled io_uring
- it uses SELinux (unrelated to kernel security) which other distros do as well but you believe ChromeOS does it more effectively for desktop applications
It goes on and on. You should read the OP; it is really quite informative.
One thing that bothered me about this story for a long time was the fact that Google is pretty good at security, but Google allows its employees to use Linux on end-user devices. Then I realized that Google cannot trust its employees: with 40,000 software developers, Google must operate so as to be secure even if a few of those developers secretly hate Google and want it to fail or have been paid off or blackmailed into harming Google. The measures Google takes to protect against such employees (i.e., making sure that all code is reviewed by another developer before deployment, and making it so that a reviewer cannot choose which coders he reviews and vice-versa) naturally also protect against Linux running on the devices in front of the employees. (Even then Google is unsatisfied with the security of any of the publicly-available distros with the result that Google maintains its own internal Linux distro.)