The Chromium team within Google has publicly published a detailed list of every Chrome OS device and its status on being protected against the Meltdown vulnerability. The list can be found here and I strongly encourage readers to visit the link and bookmark it.
The list is broken down into seven columns that provide details for each device. The columns are:
- Public codename for the device
- Marketing name of the device
- Kernel version
- Architecture (x86, ARM, aarch64)
- Date of when automatic updates end for the device
- If Meltdown protection has come to the Kernel Page Table Isolation (KPTI) in Chrome 63 for that device
- Kernel Page Table Isolation (KPTI) will eventually be updated
The last two columns in this table are the key ones to pay attention to as you review it. This tells you if your device is protected, will be protect, or at EoL (End of Life) and will not be updated.
For the majority of devices running Chrome OS, Chrome 63 brought the fixes to the vulnerability, identified as CVE-2017-5754 by Google. These devices were brought up to Kernel build 3.8 or 4.4 which fixes the vulnerability. Some devices however will need to be back ported to the 3.8 Kernel Page Table Isolation to be fixed.
Finally, you will note that devices that are not running x86 architecture are not impacted. You will see “not needed” in the table. However, if you find that your device is marked as End of Life (EoL), it is time to get a more contemporary Chrome OS device to assure that you are protected.