Skip to content

ChromeOS Security Features

When ChromeOS was first released, it was seen as one of the most secure modern operating systems on the market. ChromeOS includes multiple layers of security to emphasize the computing principle of "defense in depth" to ensure that your sensitive content is safe - even if, in the unlikely event that a layer of security were to fail. 

This chapter will describe the security features that are included with ChromeOS; however, it is worth noting that the most important layer of security is the end user. Users should always be vigilant when it comes to following best-practices, as they can undermine all the built-in security features that ChromeOS offers.

ChromeOS Core Security Features

Automated Security Updates and Patching

One of the most common entry-points for malicious software is running outdated software. There are countless new exploits that are being discovered every single day, and the ChromeOS team is constantly working to ensure that ChromeOS is updated with the latest patches to prevent these exploits from being able to impact users of ChromeOS. Unlike other popular operating systems on the market, ChromeOS has a robust set of mechanisms to automatically update devices, without any user interaction aside from a reboot. 

In addition to security updates, a ChromeOS update may also introduce new features or enhance existing features. 

ChromeOS Devices do have a finite amount of time that they will receive automated security updates. This is normally between 5 and 10 years from the date that the model was initially released, not from the date that your specific model was purchased. It is strongly advised that all users refer to our ChromeOS Device Database to check their devices' "EUA Date" and avoid purchasing devices that are unable to recieve updates.

Verified (Signed) Boot Chain

ChromeOS uses a sophisticated boot sequence to prevent malicious code, known as root-kits, from being injected into the operating system's kernel. Root-kits are one of the most damaging forms of malware that a computer can be infected with as, unlike traditional malware, it can survive a complete re-installation of the operating system. All ChromeOS devices include custom firmware eUFI that manages the initial boot process and will refuse to boot operating systems that are not cryptographically signed by Google. Once the initial boot process has stated, each additional step of the ChromeOS boot process is also checked to ensure that the operating system has not been tampered with. Additionally, the kernel and all kernel modules are also signed. 

If you enable ChromeOS's Developer Mode, the ChromeOS Verified Boot Chain can be turned off, which will allow users to boot untrusted/modified operating systems or to run unsigned kernels. Turning developer mode on and disabling ChromeOS Verified Boot can introduce security vulnerabilities, as it could theoretically permit malicious software to tamper with the operating system or insert itself into the boot process. 

Immutable Operating System Images

One of the key security features that sets ChromeOS apart from many other operating systems is its use of immutable operating system images. This design helps ensure a high level of security, stability, and reliability for users, making ChromeOS a strong choice for those concerned with maintaining a secure environment. An immutable operating system image means that the core system files and operating system components are read-only. This prevents unauthorized or malicious modifications to the system by external threats or even users themselves. In simpler terms, the system files cannot be altered during regular use, which greatly reduces the chance of malware or accidental changes that could corrupt the operating system.

Each time ChromeOS boots, the operating system checks the integrity of its image. If any alterations are detected in the core files, ChromeOS will revert to a known good state. This feature works in conjunction with ChromeOS’s Verified Boot system, which performs integrity checks at multiple stages during the boot process to ensure that the OS has not been tampered with.

Benefits of the Immutable Image Design

  • Security Against Malware : Since the operating system files are read-only, malware that attempts to modify or embed itself into the OS has no way to persist through reboots. Even if malware temporarily compromises a session, a reboot restores the system to a clean state.
  • Consistency and Stability : Because the core system files are locked, updates and patches are less likely to break the system. Users can always expect the operating system to behave in a predictable manner. If something goes wrong during an update or if an error occurs, ChromeOS can simply roll back to the previous version without user intervention.
  • Fast and Reliable Updates : ChromeOS uses a dual-partition system for updates, where the operating system has two copies of itself. One partition is the active system, while the other holds the new update. When an update is available, it is applied to the inactive partition, and once it completes successfully, the system switches over to the newly updated version during the next reboot. If the new image has any issues, ChromeOS will automatically revert to the last known good version.
  • Resilient Against User Errors : Users often modify system files either by mistake or to perform custom tweaks. On ChromeOS, these changes are not possible because the OS image is immutable. This reduces the risk of accidental misconfiguration or corruption of the system files.

How Does This Affect Users?

For most users, the immutability of the operating system is a seamless experience. ChromeOS performs all updates, integrity checks, and reboots in the background. This design also means that users don’t have to worry about system maintenance or troubleshooting complex OS-level issues. If a problem does occur, the recovery process is straightforward: ChromeOS can either repair itself or guide the user through a simple recovery process by reinstalling the OS from a verified image.

For power users and developers, this immutability may initially feel limiting compared to more open systems like traditional Linux distributions. However, ChromeOS provides a Developer Mode that allows users to bypass some of these restrictions for development and customization purposes. Even then, the core security features of ChromeOS remain in place to protect users from broader threats.

ChromeOS’s use of immutable operating system images plays a critical role in ensuring security, stability, and ease of use. It is part of the broader security framework that makes ChromeOS one of the most secure and resilient operating systems available today. This feature allows users to enjoy a hassle-free computing experience, knowing their system is safeguarded against threats and accidental changes.

User Data Encryption

Chrome Web Browser

Chrome Browser Sandboxing

Phishing and Known Malicious Site Protection

Certificate Revocation

Android Application Security

Android on ChromeOS is designed to be secure; however, there are a few practical security tips to ensure that your Android installation is kept secure.

Android Appllication Permissions

Android Application Isolation

Google Play Services

The Google Play Store

The Google Play Store is designed to be a effective first line of defense to ensure the applications are safe, however occasionally a fake or malicious application can make it onto The Google Play Store. These malicious and fake applications often masquerade as new "triple A" games that are popular on consoles to make users think the application is a Android port of the game. These malicious applications typically exist to spam users or collect data. It is important to read the reviews for any application you want to install if you are unsure of its legitimacy.

Sideloading Android Applications

By default, ChromeOS does not permit users to install Android applications from outside the Google Play Store; however, it is possible to bypass this restriction with some developer settings that will be discussed in the "Hacking and Modifications" chapter of this book. If you choose to install applications from outside the Google Play Store, you must ensure that you are getting your applications from a trusted source and validate that they are not malicious. It is not uncommon for pirated Android applications downloaded from websites to contain malware.

Linux Security