Chrome OS 74 protects Chromebooks against ‘ZombieLoad’ Intel vulnerability, more fixes coming
Following final yr’s Meltdown and Spectre attacks, new Intel CPU vulnerabilities have emerged. Colloquially named “ZombieLoad,” Google has already taken steps to guard Chromebooks right now, whereas Chrome OS 75 subsequent month options extra mitigations.
“ZombieLoad” — also referred to as the Microarchitectural Knowledge Sampling (MDS) vulnerabilities — is comprised of 4 points that benefit from CPU design flaws to let attackers learn delicate information. By visiting an internet site or working an Android app, customers may execute code that exploits MDS to learn delicate reminiscence contents.
If Chrome processes are attacked, these delicate information may embrace web site contents in addition to passwords, bank card numbers, or cookies. The vulnerabilities will also be exploited to learn host reminiscence from inside a digital machine, or for an Android App to learn privileged course of reminiscence (e.g. keymaster).
Given that the majority Chromebooks are powered by Intel, Google recognized 77 at the moment supported units which can be affected. This contains the Pixelbook and Pixel Slate, in addition to Chromebooks from Asus, Acer, Dell, HP, Lenovo, and Samsung. A full record is out there under.
Intel was made conscious of this situation a month in the past and has been working with companions on up to date microprocessor microcode. Google’s answer disables Hyper-Threading by default with Chrome OS 74, which rolled out earlier this month.
In accordance with Google, the efficiency loss ought to be minimal, however depending on the workload. Hyper-Threading might be re-enabled on a per machine foundation:
The setting is situated at chrome://flags#scheduler-configuration. The “performance” setting chooses the configuration that allows Hyper-Threading. The “conservative” setting chooses the configuration that disables Hyper-Threading.
Chrome OS 75 subsequent month will function extra mitigations. As of Tuesday, Could 14th, “Google is not aware of any active exploitation of the MDS vulnerabilities.”
On other Google platforms, the Chrome browser is dependent on Apple and Microsoft fixes for macOS and Home windows, respectively. The few Android units that run Intel are impacted, however Google notes that the “vast majority of Android devices are not affected” attributable to ARM. Extra particulars can be found on Chromium and the MDS attacks site that describes the CPU vulnerabilities in-depth.
| AOpen Chromebase Industrial | Google Chromebook Pixel (2015) |
| AOpen Chromebox Industrial | Google Pixelbook |
| ASI Chromebook | HEXA Chromebook Pi |
| ASUS Chromebook C200MA |
HP Chromebook 11 2100-2199 / HP Chromebook 11 G3 |
| ASUS Chromebook C300MA |
HP Chromebook 11 2200-2299 / HP Chromebook 11 G4/G4 EE |
| ASUS Chromebook Flip C302 | HP Chromebook 13 G1 |
| ASUS Chromebox 3 | HP Chromebook 14 |
| ASUS Chromebox CN60 |
HP Chromebook 14 ak000-099 / HP Chromebook 14 G4 |
| ASUS Chromebox CN62 | HP Chromebook x2 |
| Acer C720 Chromebook | HP Chromebook x360 14 |
| Acer Chromebase 24 |
HP Chromebox CB1-(000-099) / HP Chromebox G1/ HP Chromebox for Conferences |
| Acer Chromebook 11 (C740) | HP Chromebox G2 |
| Acer Chromebook 11 (C771 / C771T) | Haier Chromebook 11 G2 |
| Acer Chromebook 13 (CB713-1W ) | JP Sa Couto Chromebook |
| Acer Chromebook 15 (C910 / CB5-571) | LG Chromebase 22CB25S |
| Acer Chromebook 15 (CB3-531) | LG Chromebase 22CV241 |
| Acer Chromebook Spin 13 (CP713-1WN) | Lenovo 100S Chromebook |
| Acer Chromebox | Lenovo N20 Chromebook |
| Acer Chromebox CXI2 | Lenovo N21 Chromebook |
| Acer Chromebox CXI3 | Lenovo ThinkCentre Chromebox |
| Bobicus Chromebook 11 | Lenovo ThinkPad 11e Chromebook |
| CTL Chromebox CBx1 | Lenovo Thinkpad X131e Chromebook |
| CTL N6 Training Chromebook | M&A Chromebook |
| Chromebook 11 (C730 / CB3-111) | Pixel Slate |
| Chromebook 11 (C735) | RGS Training Chromebook |
| Chromebook 14 for work (CP5-471) | Samsung Chromebook 2 11 – XE500C12 |
| Chromebox Reference | Samsung Chromebook Plus (LTE) |
| Client Chromebook | Samsung Chromebook Plus (V2) |
| Crambo Chromebook | Samsung Chromebook Professional |
| Dell Chromebook 11 | Senkatel C1101 Chromebook |
| Dell Chromebook 11 (3120) | Thinkpad 13 Chromebook |
| Dell Chromebook 13 3380 | Toshiba Chromebook |
| Dell Chromebook 13 7310 | Toshiba Chromebook 2 |
| Dell Chromebox | Toshiba Chromebook 2 (2015 Version) |
| Dell Inspiron Chromebook 14 2-in-1 7486 | True IDC Chromebook |
| Training Chromebook | Videonet Chromebook |
| eduGear Chromebook R | ViewSonic NMP660 Chromebox |
| Edxis Chromebook | Yoga C630 Chromebook |
| Edxis Training Chromebook |
Check out 9to5Google on YouTube for more news: