Google announces to have fixed a serious Chrome OS flaw that was preventing users from accessing their devices. According to Google’s bulletin, Chrome OS version 91.0.4472.165, which was only accessible for a short time this week, prevents users from logging in to their devices, thus bricking them.
Users who reset their devices are abruptly shut out since Chrome OS automatically downloads updates and switches to the latest version following a reboot. While this problematic update is out there, the best recommendation is to avoid rebooting.
According to the bulletin, a new build, version 91.0.4472.167, is already being rolled out to correct the problem, although it may take a “few days” to reach everyone. Users who have been afflicted by the poor update can either wait for it to update again or “powerwash” their device, which means wiping all local data, in order to log in.
Since Chrome OS is primarily cloud-based, if you’re not doing anything advanced, such as running Linux apps, this solution is less of a hassle than it would be on other operating systems. Despite this, some users have reported data loss.
Chrome OS is open source, so we can learn more about the fix thanks to Android Police tracking down a Reddit comment from user elitist_ferret. The issue appears to be a single-character typo. Google mistyped a conditional statement in Chrome OS’s Cryptohome VaultKeyset, which stores user encryption keys.
“if (key data .has value() &&!key data ->label().empty())” should be the line. The bad update, however, used a single ampersand instead of “&&,” the C++ version of the “AND” operator, breaking the second half of the conditional statement.
Because of this error, it appears that Chrome OS never properly tested user passwords against the stored keys, resulting in even correct passwords being returned with the message “Sorry, your password could not be verified.”
“Affected devices can login via guest mode or an account that hasn’t signed into the device and follow the steps in this [Help Center] article to download the update,” said Google.
Chrome OS’s entire selling point is that it’s dependable and indestructible, and mishandled updates like this harm the OS. It’s unclear how such a glaring, show-stopping flaw got into the stable release channel.
Changes to Chrome OS are expected to go through three testing channels: “canary,” “dev,” and “beta,” with weeks of testing in between releases. This issue managed to elude the entire process. This appears to be a bug that could have been detected by a unit test or automated testing—the inability to log in is quite evident.
This is the second time this month that a Chrome OS version 91 update has gone wrong. On June 30, 2021, an upgrade to version 91.0.4472.147 proved problematic for certain system setups, resulting in high CPU usage. The erroneous update was undone by Google roughly a week ago, but the problematic code has yet to be addressed.
Google’s patch, Chrome OS 91.0.4472.167, was released on Wednesday and is being rolled out slowly in accordance with Google’s release schedule.