Since it was Google's Project Zero security team that uncovered the Spectre and Meltdown security flaws, the company has had a leg up on others in the tech industry in pushing out fixes to its products quickly. If you are curious about the status of your Chromebook, the company has a handy list to see if you have gotten the updated protection you need.
The list, available on the Chromium Wiki, lists all of the Chrome OS devices and their status in reference to fixes for the Meltdown vulnerability. More than 140 devices are noted, along with the architecture, kernel version, and when the devices would stop receiving official auto-updates.
Some devices have been tagged as EoL - or End of Life - meaning that Google is no longer offering updates for those devices.
You can browse the list for your computer, and if it lists "Yes" or "not needed" in the "CVE-2017-5754 mitigations (KPTI) on M63?" column, then you have nothing to worry about.
As for Spectre, however, protection is a bit more complicated. Chrome OS offers what is called a site isolation feature that will effectively mitigate any damage that can be done through the vulnerability. To enable that, type "#enable-site-per-process" in the Chrome address bar, hit enter, and then make sure the feature is marked "Enabled."
Rest assured that Google has promised to have all non-EoL devices patched soon, so if your device isn't safe yet, it eventually should be.
2 Comments - Add comment