Search This Blog

Saturday, January 6, 2018

Google reassures users after news of major CPU vulnerabilities

Google reassures users after news of major CPU vulnerabilities

Newly disclosed processor vulnerabilities threaten the security of devices around the globe, but Google is here to tell you that it totally has your back. Well, for some of them, at least.

The Mountain View-based company explained Wednesday on its security blog that it's been aware of the risks posed by the “speculative execution” vulnerability for some time now, and has been working to fix potentially at-risk systems.



"As soon as we learned of this new class of attack, our security and product development teams mobilized to defend Google’s systems and our users’ data," Google explained in the blog post. "We have updated our systems and affected products to protect against this new type of attack."

Someone exploiting this bug could theoretically steal passwords and other sensitive data off a computer. In other words, it's bad.

Importantly, according to a company spokesperson, the Google blog post specifically addresses both Spectre (Variant 1 and 2) and Meltdown (Variant 3). And we know that Meltdown patches do exist — Microsoft, for example, already issued one.


Google helpfully published a detailed list noting "affected Google products and their current status of mitigation against CPU speculative execution attack methods." It includes steps that the company has already taken, and has suggestions for users of various products like Chrome (and you should probably heed the company's security advice).

A few of the highlights: Updated Android devices (because this threatens mobile too) are protected, as are fully updated and supported Nexus and Pixel devices. You also don't need to stress about Gmail or G Suite.

If you use the Google Cloud Platform, though, you might have some work to do on your end.

Either way, Google clearly wants you to know that even if everything is totally messed up in the world of cybersecurity, it's still looking out for you.

No comments:

Post a Comment