Full information: Product Status - Google Help
This document lists affected Google products and their current status of mitigation against CPU speculative execution attack methods. Mitigation Status refers to our mitigation for currently known vectors for exploiting the flaw described in CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.
The issue has been mitigated in many Google products (or wasn’t an issue in the first place). In some instances users and customers may need to take additional steps to ensure they’re using a protected version of a product, as detailed below.
Google Chrome Browser
Current stable versions of Chrome include an optional feature called Site Isolation which can be enabled to provide mitigation by isolating websites into separate address spaces. Learn more about Site Isolation and how to take action to enable it.
Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.
This document lists affected Google products and their current status of mitigation against CPU speculative execution attack methods. Mitigation Status refers to our mitigation for currently known vectors for exploiting the flaw described in CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.
The issue has been mitigated in many Google products (or wasn’t an issue in the first place). In some instances users and customers may need to take additional steps to ensure they’re using a protected version of a product, as detailed below.
Google Chrome Browser
Current stable versions of Chrome include an optional feature called Site Isolation which can be enabled to provide mitigation by isolating websites into separate address spaces. Learn more about Site Isolation and how to take action to enable it.
Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.
- Desktop (all platforms), Chrome 63:
- Full Site Isolation can be turned on by enabling a flag found at chrome://flags/#enable-site-per-process.
- Android:
- Site Isolation is available in chrome://flags but may have additional functionality and performance issues.
- iOS:
- Chrome on iOS uses Apple’s WKWebView, so JS compilation mitigations are inherited from Apple.
- Chrome on Chrome OS includes the Chrome browser mitigations mentioned above, including Site Isolation.
- OS versions prior to 63 are not patched. Chrome OS systems started receiving version 63 on 12/15/2017.
- Some Chrome OS devices are end of life and no longer receiving updates. To check your specific model, see this page.
- Run only trusted code from Google and are not at risk from this attack.