New issue
Advanced search Search tips

Issue 625211 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jul 2016
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: ----
Type: Bug-Security



Sign in to add a comment

Developer Mode makes it possible to avoid enterprise management on ChromeOS

Reported by 32299...@gmail.com, Jul 1 2016

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs


VULNERABILITY DETAILS
by turning OS verification off resetting the CMOS by unplugging the battery, then removing bios write protection screw, holding power button, plugging AC adapter on a chromebook then booting into dev mode then changing serial # one could unenroll their chromebook from enterprise managment

VERSION
51.0.2704.106

REPRODUCTION CASE
files not applicable
FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]

 
Labels: -Restrict-View-SecurityTeam OS-Chrome
Status: WontFix (was: Unconfirmed)
Summary: Developer Mode makes it possible to avoid enterprise management on ChromeOS (was: Remove enterprise managment on chromebook, )
Developer Mode is a supported use case.

In general, applications and platforms have extremely limited means to defend against an attacker who physically possesses the device. See the Chrome Security FAQ for more information:

https://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-
Project Member

Comment 2 by sheriffbot@chromium.org, Oct 8 2016

Labels: allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Issue 882179 has been merged into this issue.

Sign in to add a comment