Google Details Its Fight Against Spectre & Meltdown Exploits

Advertisement
Advertisement

Google explained in a blog post how it alleviated the impact of the Spectre and Meltdown vulnerabilities on its services and products. These security issues allow rogue programs or malware to access the information found in the device's system memory by exploiting the CPU's speculative execution functionality. The Mountain View-based tech company mentioned that while it has no knowledge of any successful reproduction of the security flaws in Android devices powered by ARM CPUs, it still resolved the security exploits through a fix incorporated into the January 2018 Android security patch. The patch is already being distributed to the Nexus and Pixel devices that are supported by the search giant. Google also mentioned on its support website that the firm already provided its partner manufacturers with a number of Intel and ARM-specific fixes and that the company plans to include additional security fixes in future updates.

Google stated it will soon release the version 64 of the Chrome browser which contains the necessary mitigations to prevent the exploitation of the two vulnerabilities. In the meantime, users may choose to activate the site isolation feature in the stable version of Google Chrome by using the instructions provided on the company's support website. However, activating site isolation may result in some performance issues. In addition to the mitigations included in the Google Chrome browser, supported Chromebooks that are powered by Intel processors and running Chrome OS 63 or newer have already been patched with the Kernel Page Table Isolation feature. KPTI serves as a workaround for the Meltdown vulnerability by isolating user-specific segments from the kernel space memory. Google Wi-Fi, Google Home, Chromecast, and the G Suite are already protected from both the Spectre and Meltdown exploits, according to the search giant, although users of several Google Cloud Platform services like the Google App Engine and the Google Compute Engine are now asked to patch their guest environments.

In a separate blog post, researchers from Google's Project Zero identified the processors that are affected by the security exploits. The Spectre vulnerability is classified as being available in two variants, with the first one being capable of affecting processors from Intel, AMD, and ARM. On the other hand, only x86 processors from the semiconductor company Intel are affected by the Meltdown vulnerability.

Advertisement