https://arstechnica.com/gadgets/2021/07/google-pushed-a-one-character-typo-to-production-bricking-chrome-os-devices/

Skip to main content
 

  * Biz & IT
  * Tech
  * Science
  * Policy
  * Cars
  * Gaming & Culture
  * Store
  * Forums

Subscribe
 
[                    ]
Close
 

Navigate

  * Store
  * Subscribe
  * Videos
  * Features
  * Reviews

  * RSS Feeds
  * Mobile Site

  * About Ars
  * Staff Directory
  * Contact Us

  * Advertise with Ars
  * Reprints

Filter by topic

  * Biz & IT
  * Tech
  * Science
  * Policy
  * Cars
  * Gaming & Culture
  * Store
  * Forums

Settings

Front page layout


Grid

List

Site theme

Black on white
White on black
Sign in

Comment activity

Sign up or login to join the discussions!

[                    ] [                    ] [Submit] [ ] Stay
logged in | Having trouble? 
Sign up to comment and more Sign up

I guess three testing channels are not enough? --

Google pushed a one-character typo to production, bricking Chrome OS
devices

Google broke a conditional statement that verifies passwords. A fix
is rolling out.

Ron Amadeo - Jul 22, 2021 5:32 pm UTC

Google pushed a one-character typo to production, bricking Chrome OS
devices
Enlarge
Bloomberg / Getty Images

reader comments

81 with 67 posters participating

Share this story

  * Share on Facebook
  * Share on Twitter
  * Share on Reddit

Google says it has fixed a major Chrome OS bug that locked users out
of their devices. Google's bulletin says that Chrome OS version
91.0.4472.165, which was briefly available this week, renders users
unable to log in to their devices, essentially bricking them.

Chrome OS automatically downloads updates and switches to the new
version after a reboot, so users who reboot their devices are
suddenly locked out them. The go-to advice while this broken update
is out there is to not reboot.

The bulletin says that a new build, version 91.0.4472.167, is rolling
out now to fix the issue, but it could take a "few days" to hit
everyone. Users affected by the bad update can either wait for the
device to update again or "powerwash" their device--meaning wipe all
the local data--to get logged in. Chrome OS is primarily cloud-based,
so if you're not doing something advanced like running Linux apps,
this solution presents less of an inconvenience than it would on
other operating systems. Still, some users are complaining about lost
data.

ChromeOS is open source, so we can get a bit more detail about the
fix thanks to Android Police hunting down a Reddit comment from user 
elitist_ferret. The problem apparently boils down to a
single-character typo. Google flubbed a conditional statement in
Chrome OS's Cryptohome VaultKeyset, the part of the OS that holds
user encryption keys. The line should read "if (key_data_.has_value()
&& !key_data_->label().empty()) {" but instead of "&&"--the C++
version of the "AND" operator--the bad update used a single ampersand,
breaking the second half of the conditional statement.

Advertisement
ChromeOS's programming typo. It happens to the best of us.
Enlarge / ChromeOS's programming typo. It happens to the best of us.

It sounds like, because of this error, Chrome OS never properly
checked user passwords against the stored keys, so even correct
passwords came back with a message saying, "Sorry, your password
could not be verified."

The whole selling point of Chrome OS is that it's reliable and
unbreakable, and botched updates like this hurt the OS. It's not
clear how such an obvious, show-stopping problem like this made it
into the stable release channel. Chrome OS has three testing channels
that changes are supposed to go through--the "canary," "dev," and
"beta" channels--with weeks of testing between releases. Somehow this
bug escaped that entire process. This problem also seems like
something a unit test or automated testing could have caught--not
being able to log in is pretty obvious.

The error marks the second defective Chrome OS update pushed out this
month. An update at the beginning of July made CPU usage spike on
some models, slowing them down to a crawl.

reader comments

81 with 67 posters participating

Share this story

  * Share on Facebook
  * Share on Twitter
  * Share on Reddit

 
Ron Amadeo Ron is the Reviews Editor at Ars Technica, where he
specializes in Android OS and Google products. He is always on the
hunt for a new gadget and loves to rip things apart to see how they
work. Email ron@arstechnica.com // Twitter @RonAmadeo
Advertisement

You must login or create an account to comment.

Channel Ars Technica

- Previous story Next story -

Related Stories

Today on Ars

  * Store
  * Subscribe
  * About Us
  * RSS Feeds
  * View Mobile Site

  * Contact Us
  * Staff
  * Advertise with us
  * Reprints

Newsletter Signup

Join the Ars Orbital Transmission mailing list to get weekly updates
delivered to your inbox.

Sign me up -
 

CNMN Collection
WIRED Media Group
(c) 2021 Conde Nast. All rights reserved. Use of and/or registration on
any portion of this site constitutes acceptance of our User Agreement
(updated 1/1/20) and Privacy Policy and Cookie Statement (updated 1/1
/20) and Ars Technica Addendum (effective 8/21/2018). Ars may earn
compensation on sales from links on this site. Read our affiliate
link policy.
Your California Privacy Rights | Do Not Sell My Personal Information
The material on this site may not be reproduced, distributed,
transmitted, cached or otherwise used, except with the prior written
permission of Conde Nast.
Ad Choices