To avoid any vulnerabilities, update ChromeOS to R63
From Google Security: Link
Snippets:
Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.
The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.
These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.
Google Chrome OS (e.g., Chromebooks):
- Some additional user or customer action needed. More information here.
Google Chrome OS on Chromebooks:
- Chrome on Chrome OS includes the Chrome browser mitigations mentioned above, including Site Isolation.
- OS versions prior to 63 are not patched. Chrome OS systems started receiving version 63 on 12/15/2017.
- Some Chrome OS devices are end of life and no longer receiving updates. To check your specific model, see this page.
Intel Chrome OS devices on kernels 3.18 and 4.4 are patched with Kernel Page Table Isolation (KPTI) in Chrome OS 63 and above. Older kernels will be patched with KPTI in a future release. Known attacks do not affect existing ARM Chrome OS devices, but these devices will also be patched with KPTI in a future release.
Public codename | Marketing name | Kernel version | Architecture | Auto update ends (*=official) | KPTI on M63? |
KPTI eventually?
|
enguarde | CTL N6 Education Chromebook | 4.4.107 | x86_64 | 2020-03-01 | Yes | Yes |
jerry | CTL J2 / J4 Chromebook for Education | 3.14 | armv7l | 2020-04-01 | Not needed | TBD |
relm | CTL NL61 Chromebook | 3.18 | x86_64 | 2021-08-01 | Yes | Yes |
wizpig | CTL J5 Chromebook | 3.18 | x86_64 | 2021-08-01 | Yes | Yes |
Comments
0 comments
Please sign in to leave a comment.