Chromebooks already make a great choice for the less tech savvy, but there’s still a few easy ways their security can be compromised.

One of those is through the USB ports every Chromebook comes with. When a Chromebook is locked, it’s still possible to plug a device into one of the ports and have it interact with Chrome OS, which means malicious devices could be inserted into an unattended Chromebook.

The latest build of Chrome Canary, Google’s bleeding edge version of Chrome OS, adds a new feature called USBGuard.

What this does is lock down the USB ports on a Chromebook when the device is locked by the user.

It means inserting anything into the USB ports when in this state stops the device from being able to interact until the user is present and unlocks their Chromebook.

If a device is already connected via USB when a Chromebook is locked, it won’t have the connection killed and can continue to transfer data.

It’s also possible to whitelist devices so as to allow you to insert trusted hardware when a Chromebook is locked.

There may not be many cases where this would be desirable or useful, but the option is available nonetheless.

It’s unclear when USBGuard will make the jump from Canary to the main branch of Chrome OS, but Google won’t keep owners waiting too long.

All Chromebooks should get more secure early this year.