Google’s official mitigations list showing which Chromebooks are vulnerable to Meltdown vulnerability

Technology

Spectre and Meltdown last week took the whole technology industry by storm. But fortunately, companies are working towards patching the vulnerabilities. For Chrome OS, the most recent devices are patched against Meltdown, with Google posting a whole list on the current status of mitigations.

As found by Android Police, the list is available on the Chromium Projects site. It includes each Chrome OS device in existence, with the public codename, architecture, kernel version, and auto update status.

The 2 right-most columns indicate the status (Yes, No, Not needed, EoL) of the Kernel Page Table Isolation (KPTI) mitigation for Meltdown (CVE-2017-5754). If it has not been patched the 2nd column indicates whether it’ll be ultimately available.

With the released of Chrome OS 63 in mid-December, Intel devices on kernels 3.18 and 4.4. were patched. Meanwhile, the old devices that haven’t yet reached the EoL software update status will be currently having the mitigation backported.

ARM Chrome OS devices aren’t affected, however, they’ll be patched with KPTI in a future release.

Chrome is also expected to get extra patches later this month with the release of version 64. With More updates will come in the future:

Chrome was JavaScript engine, V8 will include mitigations beginning with Chrome 64. Which will be released on or around Jan 23rd, 2018. Future Chrome releases will include extra mitigations and hardening measures which will further reduce the impact of this type of attack.

Leave a Reply

Your email address will not be published.