Google pushed a one-character typo to production, bricking Chrome OS devices

Bloomberg / Getty Pictures

Google says it has fastened a major Chrome OS bug that locked people out of their products. Google’s bulletin says that Chrome OS version 91..4472.165, which was briefly accessible this week, renders users unable to log in to their gadgets, effectively bricking them.

Chrome OS quickly downloads updates and switches to the new version soon after a reboot, so customers who reboot their products are out of the blue locked out them. The go-to advice though this damaged update is out there is to not reboot.

The bulletin says that a new create, edition 91..4472.167, is rolling out now to take care of the problem, but it could take a “handful of days” to hit absolutely everyone. Users affected by the lousy update can both wait around for the machine to update once again or “powerwash” their device—meaning wipe all the local data—to get logged in. Chrome OS is principally cloud-centered, so if you might be not performing anything advanced like running Linux apps, this remedy provides considerably less of an inconvenience than it would on other working units. Continue to, some buyers are complaining about dropped facts.

ChromeOS is open source, so we can get a bit much more element about the correct many thanks to Android Law enforcement hunting down a Reddit comment from user elitist_ferret. The trouble evidently boils down to a single-character typo. Google flubbed a conditional statement in Chrome OS’s Cryptohome VaultKeyset, the aspect of the OS that holds consumer encryption keys. The line must study “if (key_data_.has_benefit() && !crucial_facts_->label().empty()) {” but as a substitute of “&&”—the C++ variation of the “AND” operator—the terrible update made use of a single ampersand, breaking the next fifty percent of the conditional statement.

ChromeOS's programming typo. It happens to the best of us.
Enlarge / ChromeOS’s programming typo. It happens to the very best of us.

It seems like, since of this error, Chrome OS never appropriately checked user passwords against the stored keys, so even right passwords arrived back again with a message stating, “Sorry, your password could not be verified.”

The complete promoting issue of Chrome OS is that it’s trusted and unbreakable, and botched updates like this harm the OS. It’s not very clear how these an apparent, clearly show-stopping problem like this created it into the steady release channel. Chrome OS has three tests channels that variations are intended to go through—the “canary,” “dev,” and “beta” channels—with months of screening in between releases. In some way this bug escaped that entire procedure. This problem also looks like a thing a device examination or automatic testing could have caught—not getting capable to log in is really apparent.

The error marks the 2nd defective Chrome OS update pushed out this thirty day period. An update at the commencing of July made CPU usage spike on some types, slowing them down to a crawl.

Leave a Reply