A Linux vulnerability referred to as “Dirty Pipe” (CVE-2022-0847) has recently been publicly disclosed. It affects kernels higher than 5.8 and can grant any attacker root privileges on your device. This exploit, first reported by known security researcher Max Kellermann, has been called the biggest security threat to Linux in years and can affect any Linux-powered device, such as Chromebooks and Android devices.
Thankfully, after discovering the vulnerability back in February, Kellermann sent a bug report and a patch to the Linux kernel security team, and then found that the bug could also be reproduced on the Google Pixel 6. Following this, Kellermann immediately reported it to the Android Security Team, which merged his bug fix into the Android kernel.
As discovered by 9to5Google, the Chrome OS team also picked up the fix on March 7th and seems to have it scheduled to roll out as an incremental update to Chrome OS 99, which just hit the Stable channel yesterday. As far as Android goes, the bug only affects newer kernels and most Android devices are using an older version — except the Samsung Galaxy S22 and the Google Pixel 6 series — which, as we have become painfully aware, won’t be receiving an update until later this month. According to Google though, the Pixel 6 update delay has nothing to do with the timing of this patch.
How can I keep my Chromebook and/or Pixel 6 safe?
Even though this exploit is very recent and there have been no reported cases where it has been used nefariously, it is always better to remain cautious in these cases. First, you will want to check if your device could potentially be at risk from “Dirty Pipe”. We know the two Android devices that are at risk, but if you want to verify this on your Chromebook, 9to5Google gives a very simple how-to below:
On Chrome OS, open a new tab and navigate to chrome://system and scroll down to “uname.” If the number after “Linux localhost” is higher than 5.8, your device may be affected.
9to5Google
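The same check as a script, for anyone auditing more than one device. This is an added example, not from 9to5Google or the article; the function name and the sample lines are constructed, and treating 5.8 itself as in range is an assumption beyond the "higher than 5.8" wording above.

```shell
#!/bin/sh
# Added example: apply the "5.8 or newer" rule of thumb to a uname line.
# Prints may-be-affected, not-in-range or unparsed.
# The version number cannot show whether a vendor has already backported
# the fix, so "may-be-affected" means "check for the update", nothing more.

dirty_pipe_range() {
    # Split the line into words without glob expansion.
    # `uname -a` style is "Linux <host> <release> ..."; a bare release
    # string (as printed by `uname -r`) is accepted as well.
    set -f; set -- $1; set +f
    if [ "$1" = "Linux" ] && [ $# -ge 3 ]; then rel=$3; else rel=$1; fi

    case $rel in
        [0-9]*.[0-9]*) ;;
        *) echo unparsed; return 0 ;;
    esac

    major=${rel%%.*}            # "5.10.159-..." -> "5"
    rest=${rel#*.}              # "10.159-..."
    minor=${rest%%[!0-9]*}      # "10"
    case $major in *[!0-9]*) echo unparsed; return 0 ;; esac
    [ -n "$minor" ] || { echo unparsed; return 0; }

    # Compare component by component. Reading "5.10" as the decimal 5.1
    # would wrongly place it below 5.8.
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 8 ]; }; then
        echo may-be-affected
    else
        echo not-in-range
    fi
}

# Constructed sample lines in the format chrome://system shows under "uname".
for line in \
    "Linux localhost 5.10.159-00000-gexample #1 SMP PREEMPT" \
    "Linux localhost 5.4.190-00000-gexample #1 SMP PREEMPT" \
    "Linux localhost 4.19.110"
do
    printf '%s -> %s\n' "$line" "$(dirty_pipe_range "$line")"
done
```

On a live Linux system, `dirty_pipe_range "$(uname -a)"` applies the same rule to the running kernel.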
For now, and until a patch is applied, the best way to keep your device safe is to avoid running apps that request access to your device’s files unless it’s an app you know and trust. The information is out there now on how to use this exploit, so it is not unlikely that a bad actor will try to take advantage of it. Please be careful and watch this space for any new developments on this front.