CPU Vulnerability and ChromeOS

    Follow

    To avoid any vulnerabilities, update ChromeOS to R63

    From Google Security: Link

    Snippets:

    Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.

    The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

    These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.

    Google Chrome OS (e.g., Chromebooks):

      • Some additional user or customer action needed. More information here.

    Google Chrome OS on Chromebooks:

    • Chrome on Chrome OS includes the Chrome browser mitigations mentioned above, including Site Isolation.
    • OS versions prior to 63 are not patched. Chrome OS systems started receiving version 63 on 12/15/2017.
    • Some Chrome OS devices are end of life and no longer receiving updates. To check your specific model, see this page.

    Intel Chrome OS devices on kernels 3.18 and 4.4 are patched with Kernel Page Table Isolation (KPTI) in Chrome OS 63 and above. Older kernels will be patched with KPTI in a future release. Known attacks do not affect existing ARM Chrome OS devices, but these devices will also be patched with KPTI in a future release.

    Public codename Marketing name Kernel version Architecture Auto update ends (*=official) KPTI on M63?
    KPTI eventually?
    enguarde CTL N6 Education Chromebook 4.4.107 x86_64 2020-03-01 Yes Yes
    jerry CTL J2 / J4 Chromebook for Education 3.14 armv7l 2020-04-01 Not needed TBD
    relm CTL NL61 Chromebook 3.18 x86_64 2021-08-01 Yes Yes
    wizpig CTL J5 Chromebook 3.18 x86_64 2021-08-01 Yes Yes
    Was this article helpful?
    0 out of 0 found this helpful

    Comments