Chrome OS is probably the most secure system to use from an exploit perspective.
Just never install an Android app on it (that feature doesn't have the same guarantees as the rest of the system), and preferably use a guest account on it (that's how they run it in security competitions)
You basically have to break four layers to exploit that. You have to break the web renderer, then out of the browser sandbox, then you need to exploit the kernel to be able to write outside the (non persistent) guest account storage, then you need to exploit the firmware/secure boot chain so secure boot doesn't detect your modifications to the filesystem when the system next boots.
Chrome OS is probably the OS that leaks the most personal info and behavior of all OS combined. It is inexcusable to subject children to it in my opinion. Advertisers know how to groom.
Just never install an Android app on it (that feature doesn't have the same guarantees as the rest of the system), and preferably use a guest account on it (that's how they run it in security competitions)
You basically have to break four layers to exploit that. You have to break the web renderer, then out of the browser sandbox, then you need to exploit the kernel to be able to write outside the (non persistent) guest account storage, then you need to exploit the firmware/secure boot chain so secure boot doesn't detect your modifications to the filesystem when the system next boots.