Google knew about Spectre and Meltdown processor bugs last year, so its products are (mostly) protected
When news broke of the security flaw affecting Intel chips, the tech world was more than a little surprised. And things just got more surprising as more details of Meltdown and Spectre emerged.
Perhaps most surprising is the fact that Google -- via Project Zero -- was aware of the problem in June of 2017. The company even went as far as informing Intel, AMD and ARM about the issue. But for Google customers, the good news is that the early detection of the security flaw means that Google Cloud, G Suite and Chrome users are fairly safe.
In a blog post published in the wake of the chip security revelations, Google's vice president of engineering, Ben Treynor Sloss, says: "Last year, Google's Project Zero security team discovered a vulnerability affecting modern microprocessors. Since then, Google engineering teams have been working to protect our customers from the vulnerability across the entire suite of Google products, including Google Cloud Platform (GCP), G Suite applications, and the Google Chrome and Chrome OS products. We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web."
He goes on to explain that there's nothing G Suite customers need to do, as steps have already been taken to block all attack vectors. He does not reveal when this protection was put in place, however. He then turns to Google Cloud Platform (GCP):
GCP has already been updated to prevent all known vulnerabilities. Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers. We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts.
Customers who use their own operating systems with GCP services may need to apply additional updates to their images; please refer to the GCP section of the Google Security blog post concerning this vulnerability for additional details. As more updates become available, they will be tracked on the Compute Engine Security Bulletins page.
Finally, customers using Chrome browser -- including for G Suite or GCP -- can take advantage of Site Isolation as an additional hardening feature across desktop platforms, including Chrome OS. Customers can turn on Site Isolation for a specific set of websites, or all websites.