A missing ampersand locked some users out of their Chromebooks

A major bug in a recent Chrome OS release (91.0.4472.147) left some users bricked out of their Chromebooks. Reddit, in due course, has already spotted the issue. As some eagle-eyed users, including one “elitist_ferret” (first spotted by Android Police), have pointed out, the problem appears to boil down to a missing ampersand in Google’s code.

Specifically, it seems that Google used one “&” in a conditional statement in its Cryptohome VaultKeyset, rather than two “&&”, which is the “AND” operator in C++, breaking up the line. The mishap prevented Chrome OS from checking user passwords against stored keys, as Ars Technica notes, and that left some users unable to log in.

The Chrome OS subreddit was aware of the bug in 91.0.4472.147 as early as the afternoon of July 19th. “The latest stable update is stopping users from logging in,” one user wrote at 1:23PM ET. “We recommend that you DO NOT update until further notice.” A number of users also began reporting bugs around that time — some complained that their devices wouldn’t accept their passwords, while others said they couldn’t even get past the boot-up screen.

Google said that evening on its Customer Care Portal that a solution would be deployed by the end of the day on July 21st, and recommended that users powerwash their devices, roll back to previous Chrome OS builds, log in with Guest Mode, or wait for the fix. By the next day, the company had identified the issue with the new build and had halted its rollout. On the 21st, it noted that a new version (91.0.4472.167) was being rolled out.

“The rollout will gradually release to devices over the next few days,” the update reads. “Affected devices can login via Guest Mode or an account that hasn’t signed into the device.” Once affected users have successfully signed in, they can follow the steps in Google’s Help Center to download the latest update.

Written by