Google's plan to release a Chrome-based OS next year has garnered the expected fanfare that comes with anything the company announces. I've also seen articles in which people at Google are quoted as saying the OS will be free from malware and immune to malicious hackers. My gut feeling is that these folks were misquoted. I don't think anyone with serious experience in this field would make that sort of claim -- but I could be wrong.
Whether or not they said it, the question remains: Is it truly possible for the search giant to accomplish what no other company has and release a perfectly secure OS? The answer: Probably not. (For the sake of full disclosure, I'm a security architect at Microsoft.)
[ See what Microsoft CEO Steve Ballmer had to say about Google Chrome OS. | Gets answers to all your questions in the Google Chrome OS FAQ. ]
For starters, the best indicator of future behavior is past behavior. Every software vendor who has promised perfect security has failed to deliver. Who can forget Oracle CEO Larry Ellison's pledge of "unbreakable software"? That was hundreds, if not thousands, of patched bugs ago. Unlike Oracle's offerings, Chrome OS will be available to and used by the general public, making it a huge target for malicious hackers and purveyors of malware. That alone renders the prospect of flawless security all but impossible.
Second, I don't know of a Google product to date that has not had its share of bugs. Even Google Chrome, the "most secure browser ever," has had at least eight discovered vulnerabilities in its very short life -- and with the browser's very small market share. If Google Chrome were to gain market share, more vulnerabilities would naturally emerge. No software has ever escaped that fact.