Security: TLS implementations may disclose side channel information (ROBOT attacks)
Reported by nathanb@lenovo-chrome.com, Feb 21 2018
Issue description

As described in CWE-203: Information Exposure Through Discrepancy, TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. These are also called ROBOT attacks.

Impact

A remote, unauthenticated attacker may be able to obtain the TLS pre-master secret (TLS session key) and decrypt TLS traffic.

Solution

Disable TLS RSA

Affected users and system administrators are encouraged to disable TLS RSA cyphers if possible. Please refer to your product's documentation or contact the vendor's customer service.

I need to understand:
1. Is Chrome OS naturally vulnerable to this attack
2. If so, has this issue been addressed (by disabling TLS RSA cyphers or some other remediation)
,
Feb 21 2018
,
Feb 21 2018
RSA decryption is obsolete and any site which does not enable a more modern option is insecure and must be fixed. Alas, that covers much of the web. Lovely as it would be to disable RSA decryption on the client, that is not even remotely practical right now. No major clients disable RSA decryption ciphers today.

However, ROBOT is about servers, not clients. CrOS is a client, not a server. What matters is if the server both enables it and fails to implement the mitigations correctly. That server then exposes an RSA private key oracle, whether or not clients happen to use it or not. That oracle may be used for decryption OR signing, affecting clients that disable RSA decryption too. (The attack is certainly much more practical for RSA decryption as it can be carried out offline, but if you're only worried about offline attacks, you can also lean on downgrade protection to force more modern cipher suites with servers that support it.)

So, no, this attack is not directly applicable for CrOS. (Where CrOS does have miscellaneous server components, it would use Chrome's BoringSSL or the copy of OpenSSL the CrOS folks, both of which implement the Bleichenbacher mitigations, implemented in part by yours truly.)
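An added example, not part of the comment above and not BoringSSL or OpenSSL code: a sketch of the server-side Bleichenbacher mitigation for the TLS RSA key exchange (RFC 5246, section 7.4.7.1), where a padding or version failure silently swaps in a random premaster secret instead of producing a distinguishable error. The function names and the 64-byte sample block are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PMS_LEN 48 /* TLS premaster secret length */

/* 0xff if x == 0, else 0x00, with no data-dependent branch. */
static uint8_t ct_is_zero(uint8_t x) { return (uint8_t)(((uint32_t)x - 1) >> 24); }
static uint8_t ct_eq(uint8_t a, uint8_t b) { return ct_is_zero(a ^ b); }

/* em: raw RSA decryption output (modulus-sized; its length is public).
 * fallback: 48 random bytes generated BEFORE decryption.
 * out gets the real premaster if padding and version are valid, otherwise
 * fallback. No status is returned, so the caller has nothing to leak;
 * a bad ciphertext only surfaces later as an ordinary Finished failure. */
void tls_rsa_select_premaster(const uint8_t *em, size_t em_len,
                              uint8_t ver_major, uint8_t ver_minor,
                              const uint8_t fallback[PMS_LEN],
                              uint8_t out[PMS_LEN]) {
    if (em_len < PMS_LEN + 11) { /* public condition: key too small */
        memcpy(out, fallback, PMS_LEN);
        return;
    }
    size_t sep = em_len - PMS_LEN - 1;      /* where the 0x00 separator must be */
    uint8_t good = (uint8_t)(ct_is_zero(em[0]) & ct_eq(em[1], 0x02));
    for (size_t i = 2; i < sep; i++)        /* every padding byte is nonzero */
        good &= (uint8_t)~ct_is_zero(em[i]);
    good &= ct_is_zero(em[sep]);
    good &= (uint8_t)(ct_eq(em[sep + 1], ver_major) & ct_eq(em[sep + 2], ver_minor));
    for (size_t i = 0; i < PMS_LEN; i++)    /* branch-free select */
        out[i] = (uint8_t)((good & em[sep + 1 + i]) | (~good & fallback[i]));
}

/* Constructed sample: a valid 64-byte block for client version 3.3, with
 * byte idx overwritten by val when idx >= 0. Returns 1 if the real
 * premaster was selected, 0 if the fallback was. */
int demo(int idx, uint8_t val) {
    uint8_t em[64], fb[PMS_LEN], out[PMS_LEN];
    memset(em, 0xA5, sizeof em);
    em[0] = 0x00; em[1] = 0x02; em[15] = 0x00;  /* header and separator */
    em[16] = 0x03; em[17] = 0x03;               /* version bytes of the premaster */
    memset(fb, 0x5A, sizeof fb);                /* stand-in for random bytes */
    if (idx >= 0) em[idx] = val;
    tls_rsa_select_premaster(em, sizeof em, 3, 3, fb, out);
    return memcmp(out, em + 16, PMS_LEN) == 0;
}

int main(void) { return !(demo(-1, 0) == 1 && demo(1, 0x01) == 0); }
```

Compilers can turn branch-free C back into branches, so real implementations check the generated code or use vetted constant-time primitives.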
,
Feb 21 2018
Thanks for the comments in #3.
,
Feb 21 2018
Thanks for the help and the expert analysis!
,
May 31 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Feb 21 2018