Google’s Project Zero team discovered critical CPU flaw last year

Author : chinatopwin Source : chinatopwin Release on : 2018-01-04 09:18:14

In a blog post published minutes ago, Google’s Security team announced what they have done to

protect Google Cloud customers against the chip vulnerability announced earlier today. They also

indicated their Project Zero team discovered this vulnerability last year (although they weren’t

specific with the timing).

The company stated that it informed the chip makers of the issue, which is caused by a process

known as “speculative execution.” This is an advanced technique that enables the chip to

essentially guess what instructions might logically be coming next to speed up execution.

Unfortunately, that capability is vulnerable to malicious actors who could access critical

information stored in memory, including encryption keys and passwords.

According to Google, this affects all chip makers, including those from AMD, ARM and Intel

(although AMD has denied they are vulnerable). In a blog post, Intel denied the vulnerability was

confined to their chips, as had been reported by some outlets.

The Google Security team wrote that they began taking steps to protect Google services from

the flaw as soon as they learned about it. If you’re wondering why they didn’t tell the public

about it as soon as they learned about it, it’s because there was supposed to be a coordinated

release coming up next week (on January 9th). When the news leaked, Google, Intel and other

interested parties decided to release the information to end speculation.

The good news is that if you are using Google Apps/G Suite, you don’t need to take any action.

Other Google Cloud users will have to take some steps to mitigate their risk. You should read

this post for specific details on which products and services require user action.

Previous : CES 2018: What to expect
Next : At the end of 1, 150 years ago, there will be an observation department "Full moon in the color