Creaking Chromebooks getting Meltdown protection soon

Chrome OS 66 to protect older Intel units, still working on ARM

Older Chromebook owners should keep an eye open for Chrome OS updates, because Google has announced they'll get Meltdown protection soon.

The fix for the now-notorious speculative execution side-channel attack will arrive in Chrome OS 66. This went to the beta channel for Android last Friday (March 16).

Older Chromebooks running kernel 3.14 or 3.8 will get the Kernel Page Table Isolation (KPTI) Meltdown mitigation in Chrome OS 66.

The vendor list had all the familiar names: Acer, ASUS, Dell, Lenovo, Toshiba and Google (for kernel 3.14); with HP, LG and Samsung added to that list for kernel 3.18 machines.

Intel-based Chromebooks received the retpoline compiler-based mitigation as of Chrome OS 65.

As the advisory noted, Arm-based Chrome OS devices weren't subject to Meltdown, and Google's still working to implement Arm's Spectre remediations.

On March 20, Chrome OS 65 had a separate bug fix release for its Windows, Linux and Mac desktop version. There was one security fix in release 65.0.3325.181, but for now the nature of the fix is under wraps while the update rolls out. ®

Keep Reading

Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers

Chocolate Factory spills beans early on privilege-escalation flaw

Now-patched Ubuntu desktop vulnerability allows privilege escalation

'Unusual for a vulnerability on a modern operating system to be this easy to exploit,' says bughunter

Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching

Lack of protections around trace facility gives local users read and write access

Intel, Apple, Cisco, Google sue US Patent Office – Tech police, open up!

Silicon Valley heavyweights demand access to review boards that can shoot down trolls just ahead of trial

One would assume that they like to 'Moovit, Moovit'. Intel-owned transport app hitches ride on Huawei AppGallery

Chinese bogeyman continues to seek stand-ins for Google's Android services

Microsoft emits 112 security hole fixes – including the cure for a Google-disclosed kernel vuln exploited in the wild

Patch Tuesday Android, Adobe, SAP, Red Hat join the bug-busting party

Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present

Hands On Google Cloud Platform account required, API key comes with Ts&Cs

Android devs: If you're using the Google Play Core Library, update it against this remote file inclusion CVE. Pronto

Updated You should have done that in April anyway, says Check Point, but lots of you haven't. *Cough* Cisco Teams

Biting the hand that feeds IT © 1998–2021