Category: Chrome 63

The Chromium team within Google has publicly published a detailed list of every Chrome OS device and its status on being protected against the Meltdown vulnerability.  The list can be found here and I strongly encourage readers to visit the link and bookmark it.

The list is broken down into seven columns that provide details for each device.  The columns are:

• Public codename for the device
• Marketing name of the device
• Kernel version
• Architecture (x86, ARM, aarch64)
• Date of when automatic updates end for the device
• If Meltdown protection has come to the Kernel Page Table Isolation (KPTI) in Chrome 63 for that device
• Kernel Page Table Isolation (KPTI) will eventually be updated

The last two columns in this table are the key ones to pay attention to as you review it.  This tells you if your device is protected, will be protect, or at EoL (End of Life) and will not be updated.

The Chromium team has updated the list of Chromebooks that can run Android apps either in the Chrome OS beta or stable channels.  In all, 10 devices are able to run Android apps now, bringing the total number up to 67 different Chromebooks and Chromeboxes that can run Android apps.

When it comes to pure new additions to the list, there are eight new devices that moved into the beta channel.  That includes the likes of the Toshiba Chromebook 2 (2015), the Haier Chromebook 11 C, and the Viglen Chromebook 360.  Two devices, the Acer Chromebook 11 (C740) and the Dell Chromebook 13 (7310) moved from the Beta channel to the Stable channel, meaning they are fully supported by those devices.

An incremental update to Chrome OS has been released by the Chromium team and is starting to roll out to devices.  The updated version is build 63.0.3239.116 (Platform version: 10032.75.0) and Google indicates that the majority of Chrome OS devices will get the update over the course of the next few days.

As is often the case with these midstream updates, there are not a lot of details available on what was addressed or fixed.  Rather, we simply get the generic “This build contains a number of bug fixes and security updates”.

It has been a frantic week for Apple, Google and Microsoft as they have tried to deal with a serious CPU vulnerability in modern processors from Intel, ARM and AMD.  The security issue, which could allow for system memory to be read which could give access to passwords and other sensitive information.   The significance of this issue is that it requires an OS level update to fix.

For Google and Chrome OS, the fix is already out.  The Chrome 63 train for Chrome OS was released on December 15th and part of that update was fixing this issue.  The issue does not impact Chrome OS devices running ARM processors.  This is good news as it means a wide swatch of Chromebooks are already protected.

For those of you who use the Chrome browser on your Windows PC, Mac or Linux machines, there is a new update rolling out for you today.  The new version is build 63.0.3239.108 and is a security update that addresses two security concerns with the browser.  The update keeps what has been the norm for Chrome in that a major release happens early in the month and a minor release happens in the middle to end of the month.

As you can see by the build number, this update remains in the Chrome 63 train.

Google hasn’t released full details of the fixes that are in this update but has outlined the one high priority item that was addressed was a security flaw while the second security issue was not addressed in the release notes.  Google tends to not release bug details until after a majority of users have been updated to assure that the exploit is not used.

Following the release of an updated Chrome for Android, the Chrome browser for Windows, MacOS and Linux has a new update rolling out today.  The updated version is build 63.0.3239.84 for those keeping score at home and gets desktop users of the browser on the Chrome 63 train.

Along with the updating to the base version of Chrome, this update also brings a lot of fixes.  There are 37 named fixes in this update but the details of exactly how it was fixed will remain confidential for a few more weeks.  This is a normal practice by Google to assure that users have had time to update and are not exposed to the vulnerability.  Most of the have to deal with spoofs or other exploits.

The Flags page in Chrome has been updated too.  Now if you type chrome://flags in the ominbar, you will see the new Material Design inspired look to these experimental settings in the browser.