How To Protect Against Latest Intel CPU Vulnerabilities for Chrome, Android etc

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
Full information: Product Status - Google Help

This document lists affected Google products and their current status of mitigation against CPU speculative execution attack methods. Mitigation Status refers to our mitigation for currently known vectors for exploiting the flaw described in CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.

The issue has been mitigated in many Google products (or wasn’t an issue in the first place). In some instances users and customers may need to take additional steps to ensure they’re using a protected version of a product, as detailed below.

Google Chrome Browser
Current stable versions of Chrome include an optional feature called Site Isolation which can be enabled to provide mitigation by isolating websites into separate address spaces. Learn more about Site Isolation and how to take action to enable it.

Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.
  • Desktop (all platforms), Chrome 63:
    • Full Site Isolation can be turned on by enabling a flag found at chrome://flags/#enable-site-per-process.
  • Android:
    • Site Isolation is available in chrome://flags but may have additional functionality and performance issues.
  • iOS:
    • Chrome on iOS uses Apple’s WKWebView, so JS compilation mitigations are inherited from Apple.
Google Chrome OS (Chromebooks etc.)
  • Chrome on Chrome OS includes the Chrome browser mitigations mentioned above, including Site Isolation.
  • OS versions prior to 63 are not patched. Chrome OS systems started receiving version 63 on 12/15/2017.
  • Some Chrome OS devices are end of life and no longer receiving updates. To check your specific model, see this page.
Google Home / Chromecast / Wifi / OnHub
  • Run only trusted code from Google and are not at risk from this attack.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top