Chromebooks are intrinsically secure machines – they are essentially insensitive to viruses and other similar threats found on other machines. The main weakness is physical, but Google is also trying to solve this problem.
There is a malicious USB tool called Rubber Ducky, which emulates a keyboard and can inject up to 1000 keystrokes per minute on any machine it has inserted. As long as a potential perpetrator will have physical access to your computer, he will just insert the USB stick and let him do the rest.
Since this is a physical weakness, it means that Chromebooks are just as vulnerable to Rubber Ducky attacks as other machines. But Google is working on a new feature for Chrome OS called USBGuard that will eliminate this threat by blocking access to USB ports of locked Chromebooks.
Although this is still a work in progress, it appears that the function does not simply block access to USB ports, but retains the currently used ports. For example, if you transfer files from a USB drive and the book goes to sleep, the transfer continues. Users will also be able to whitelist specific devices, such as mice and keyboards, so they are always available, regardless of the lock status of Chromebook.
The USBGuard flag is already available on the Canal Chrome Canary Bones for those who live dangerously but should be available for more users on other channels in the weeks or months to come.