Home > News > China News > Google’s Project Zero team dis.....
Contact us
CHINA TOPWIN INDUSTRY CO.,LTD. (ChinaGeterTechnologyCo.,LTD)was established in 2002. In the attitude of "Study for our innovation and advancement. Pro...Contact Now


Google’s Project Zero team discovered critical CPU flaw last year

  • Author:chinatopwin
  • Source:chinatopwin
  • Release on:2018-01-04
In a blog post published minutes ago, Google’s Security team announced what they have done to
protect Google Cloud customers against the chip vulnerability announced earlier today. They also 
indicated their Project Zero team discovered this vulnerability last year (although they weren’t 
specific with the timing).

The company stated that it informed the chip makers of the issue, which is caused by a process
known as “speculative execution.” This is an advanced technique that enables the chip to 
essentially guess what instructions might logically be coming next to speed up execution. 
Unfortunately, that capability is vulnerable to malicious actors who could access critical 
information stored in memory, including encryption keys and passwords.

According to Google, this affects all chip makers, including those from AMD, ARM and Intel 
(although AMD has denied they are vulnerable). In a blog post, Intel denied the vulnerability was 
confined to their chips, as had been reported by some outlets.

The Google Security team wrote that they began taking steps to protect Google services from 
the flaw as soon as they learned about it. If you’re wondering why they didn’t tell the public 
about it as soon as they learned about it, it’s because there was supposed to be a coordinated 
release coming up next week (on January 9th). When the news leaked, Google, Intel and other 
interested parties decided to release the information to end speculation.

The good news is that if you are using Google Apps/G Suite, you don’t need to take any action. 
Other Google Cloud users will have to take some steps to mitigate their risk. You should read 
this post for specific details on which products and services require user action.