Google reported last week that it fixed a major Chrome OS flaw that locked users out of their machines. In a post to the Google bulletin, Google states that Chrome OS version 91.0.4472.165, which was only briefly available the week before, bricked devices of users.
Chrome OS is designed to automatically download updates and switches to the new version after performing a restart. When this happened with this specific update, the users found themselves locked out of their devices. Unsurprisingly, the best thing users of the OS can do right now is avoid rebooting their devices.
The Google bulletin reported that a new build, called version 91.0.4472.167, is rolling out to fix the problem, but it will take a few days to reach all users. For users whose devices have already been updated and are locked out of their own device, the advice is to powerwash the device (erase all local data) to log in or wait for the device to update again.
Since Chrome OS is primarily based in the cloud, the solution offered is not that drastic. Unless a user was running something like Linux apps, this will not be too inconvenient. However, some users have made complaints about lost data.
The defect in the update
Since Chrome OS is open-source, the issues plaguing it can be disclosed with ease to the users. We now know, thanks to the Android Police who hunted down a Reddit comment from elitist_ferret, that the problem has to do with a single-character typo.
The details of it are connected to a conditional statement that, due to misconfiguration, caused the Chrome OS to not check the user passwords against the stored keys. That explains why users got an error message saying that their password could not be verified.