Tag: Meltdown Vulnerability

The Chromium team within Google has publicly published a detailed list of every Chrome OS device and its status on being protected against the Meltdown vulnerability.  The list can be found here and I strongly encourage readers to visit the link and bookmark it.

The list is broken down into seven columns that provide details for each device.  The columns are:

• Public codename for the device
• Marketing name of the device
• Kernel version
• Architecture (x86, ARM, aarch64)
• Date of when automatic updates end for the device
• If Meltdown protection has come to the Kernel Page Table Isolation (KPTI) in Chrome 63 for that device
• Kernel Page Table Isolation (KPTI) will eventually be updated

The last two columns in this table are the key ones to pay attention to as you review it.  This tells you if your device is protected, will be protect, or at EoL (End of Life) and will not be updated.

The Essential Phone has a new update rolling out that owners will want to install as soon as it is available for their device.  The update is build NMJ88C and it brings fixes for both the Spectre and Meltdown vulnerabilities as well as the January Android Security Update patch.  The update is small so you can download it via your mobile data connection but WiFi is always recommended.

The update means that the Essential Phone will be one of the first phones outside of Google’s own devices to have the January security update.

For those that haven’t kept up, the Spectre and Meltdown security flaws were announced last week and are a fundamental issue with Intel, AMD and ARM processors.  If exploited, these vulnerabilities would allow for sensitive data to be stolen from the phone via memory that is normally off limits to the kernel.  It is a big deal and software developers like Google, Microsoft and Apple are having to address it quickly.  Phone manufactures, like Essential, will need to build fixes into their particular Android builds too.