Meltdown/Spectre vulnerability status for Chrome OS devices

This page details status for Chrome OS devices regarding the Meltdown and Spectre vulnerabilities, also known as "speculative execution vulnerabilities" described by Google Project Zero.

(Previously located at https://www.chromium.org/chrome-os-devices-and-kernel-versions.)

Contents

1 Meltdown
1. 1.1 Variant 3 (CVE-2017-5754)
2 Spectre
1. 2.1 Variant 1 (CVE-2017-5753)
2. 2.2 Variant 2 (CVE-2017-5715)
  1. 2.2.1 Intel devices
  2. 2.2.2 ARM devices

Meltdown

Google has been working on updates that contain the Kernel Page Table Isolation (KPTI) mitigation for Meltdown. ARM Chrome OS devices are not affected by Meltdown. Most Intel devices received KPTI with M63. All Intel devices will have received KPTI with M66.

(2018-Feb-07: Updated to confirm all Intel devices will have received KPTI with M66.)

Variant 3 (CVE-2017-5754)

The following subsections indicate the vulnerability status of Chrome OS hardware for Variant 3 (CVE-2017-5754), which is also referred to as Meltdown.

Protection against Variant 3

These devices have received the KPTI / KAISER patch in Chrome OS 63 and are protected against Variant 3:

Marketing name
Public codename
Dell Chromebook 13 3380
asuka
Acer Chromebook 15 (CB3-532)
banon
Samsung Chromebook Pro
caroline
ASUS Chromebook Flip C302
cave
Samsung Chromebook 3
celes
HP Chromebook 13 G1
chell
Acer Chromebook R11 (CB5-132T / C738T)
cyan
Chromebook 14 (CB3-431)
edgar
Chromebook 11 Model 3180
kefka
Chromebook 14 for work (CP5-471)
lars
Acer Chromebook 11 (C771, C771T)
lili
HP Chromebook 11 G5 EE
locke
Lenovo N23 Chromebook
reks
Lenovo N23 Chromebook (Touch)
reks
Lenovo N42 (Touch) Chromebook
reks
Lenovo N22 (Touch) Chromebook
reks
Mecer V2 Chromebook
relm
Edxis Education Chromebook
relm
CTL NL61 Chromebook
relm
Dell Chromebook 11 3189
sabin
Thinkpad 13 Chromebook
sentry
HP Chromebook 11 G5 / HP Chromebook 11-vxxx
setzer
ASUS Chromebook C202SA
terra
ASUS Chromebook C300SA/C301SA
terra13
Acer Chromebook 11 N7 (C731)
tifa
ThinkPad 11e Chromebook 3rd Gen (Yoga/Clamshell)
ultima
Multilaser M11C Chromebook
wizpig
Viglen Chromebook 360
wizpig
PCMerge Chromebook PCM-116T-432B
wizpig
Edugear CMT Chromebook
wizpig
CTL J5 Chromebook
wizpig
Prowise ProLine Chromebook
wizpig
Haier Convertible Chromebook 11 C
wizpig
Acer Chromebook 15 (CB3-531)
banjo
ASUS Chromebook C213NA
basking
Dell Chromebook 11 (3120)
candy
Lenovo N20 Chromebook
clapper
Acer Chromebook Spin 11 (R751T)
electro
JP Sa Couto Chromebook
enguarde
ASI Chromebook
enguarde
eduGear Chromebook R
enguarde
Videonet Chromebook
enguarde
True IDC Chromebook
enguarde
Crambo Chromebook
enguarde
RGS Education Chromebook
enguarde
Edxis Education Chromebook
enguarde
Senkatel C1101 Chromebook
enguarde
M&A Chromebook
enguarde
CTL N6 Education Chromebook
enguarde
Education Chromebook
enguarde
Google Pixelbook
eve
Edxis Chromebook
expresso
Bobicus Chromebook 11
expresso
HEXA Chromebook Pi
expresso
Consumer Chromebook
expresso
Lenovo ThinkPad 11e Chromebook
glimmer
Acer Chromebook 11 (C730 / C730E)
gnawty
Chromebook 11 (C735)
gnawty+
Haier Chromebook 11 G2
heli
Lenovo N21 Chromebook
hoofer
HP Chromebook 11 2100-2199 / HP Chromebook 11 G3
kip
HP Chromebook 11 2200-2299 / HP Chromebook 11 G4 / G4 EE
kip
HP Chromebook 14 ak000-099 / HP Chromebook 14 G4
kip14
AOpen Chromebox Commercial
ninja
Lenovo 100S Chromebook
orco
Lenovo Thinkpad 11e Chromebook (4th Gen) / Lenovo Thinkpad Yoga 11e Chromebook (4th Gen)
pyro
ASUS Chromebook C300MA
quawks
Chromebook 15 CB515-1HT/1H
sand
HP Chromebook x360 11 G1 EE
snappy
ASUS Chromebook C200MA
squawks
AOpen Chromebase Commercial
sumo
Toshiba Chromebook 2
swanky
Samsung Chromebook 2 11 - XE500C12
winky

Older Intel devices

These devices with kernel 3.14 will receive the KPTI / KAISER patch against Variant 3 (Meltdown) in Chrome OS 66:

Marketing name
Public codename
Acer Chromebase 24
buddy
Toshiba Chromebook 2 (2015 Edition)
gandof
ASUS Chromebox CN62
guado
Dell Chromebook 13 7310
lulu
Acer Chromebook 11 (C740)
paine
Acer Chromebox CXI2
rikku
Google Chromebook Pixel (2015)
samus
Lenovo ThinkCentre Chromebox
tidus
Acer Chromebook 15 (CB5-571)
yuna

These devices with kernel 3.8 will receive the KPTI / KAISER patch against Variant 3 (Meltdown) in Chrome OS 66:

Marketing name	Public codename
HP Pavilion Chromebook 14	butterfly
HP Chromebook 14	falco
Toshiba Chromebook	leon
Google Chromebook Pixel	link
Acer Chromebox	mccloud
LG Chromebase 22CB25S	monroe
LG Chromebase 22CV241	monroe
ASUS Chromebox CN60	panther
Acer C720 Chromebook	peppy
Lenovo Thinkpad X131e Chromebook	stout
Samsung Chromebox Series 3	stumpy
Dell Chromebox	tricky
Dell Chromebook 11	wolf
HP Chromebox CB1-(000-099) / HP Chromebox G1 / HP Chromebox for Meetings	zako

ARM devices

ARM Chrome OS devices are not affected by Meltdown. This applies to the following devices:

Marketing name
Public codename
Poin2 Chromebook 14
birch
Acer Chromebook R13 (CB5-312T)
elm
Lenovo N23 Yoga/Flex 11 Chromebook
hana
Poin2 Chromebook 11C
hanawl
ASUS Chromebook Flip C101PA
bob
Samsung Chromebook Plus
kevin
Samsung Chromebook 2 13"
pi
Samsung Chromebook 2 11"
pit
HP Chromebook 11 2000-2099 / HP Chromebook 11 G2
skate
Samsung Chromebook
snow
HP Chromebook 11 1100-1199 / HP Chromebook 11 G1
spring
Acer Chromebook 13 (CB5-311)
big
HP Chromebook 14 x000-x999 / HP Chromebook 14 G3
blaze
Acer Chromebase
kitty
AOpen Chromebox Mini
fievel
Medion Akoya S2013
jaq
True IDC Chromebook 11
jaq
Xolo Chromebook
jaq
Haier Chromebook 11
jaq
VideoNet Chromebook BL10
jerry
Mecer Chromebook
jerry
Positivo Chromebook CH1190
jerry
Epik 11.6" Chromebook ELB1101
jerry
NComputing Chromebook CX100/110
jerry
eduGear Chromebook K Series
jerry
CTL J2 / J4 Chromebook for Education
jerry
HiSense Chromebook 11
jerry
Poin2 Chromebook 11
jerry
ASUS Chromebit CS10
mickey
Prowise 11.6" Entry Line Chromebook
mighty
MEDION Chromebook S2015
mighty
Chromebook PCM-116E
mighty
Lumos Education Chromebook
mighty
Viglen Chromebook 11
mighty
Sector 5 E1 Rugged Chromebook
mighty
eduGear Chromebook M Series
mighty
Nexian Chromebook 11.6-inch
mighty
Haier Chromebook 11e
mighty
ASUS Chromebook Flip C100PA
minnie
ASUS Chromebook C201PA
speedy
AOpen Chromebase Mini
tiger

Spectre

The following subsections indicate Chrome OS status with respect to the Spectre vulnerability (also referred to as "Variant 1" and "Variant 2" in the Project Zero blog post). Spectre potentially allows access to data held in other processor execution contexts. The victim execution context (kernel or process) must have certain code patterns in their address space.

Variant 1 (CVE-2017-5753)

The Linux kernel has a feature called eBPF that is used to run untrusted code. The Project Zero blog post describes how this can be abused by attackers to generate vulnerable code patterns in the kernel. However, Chrome OS disables eBPF in its kernels and therefore is not exposed to Spectre Variant 1 via eBPF. Additional Spectre variant 1 mitigations available in the Chrome browser are described here.

Variant 2 (CVE-2017-5715)

The Project Zero blog post describes how virtualization can be used to exploit Spectre Variant 2. Chrome OS devices don’t currently use virtualization features, but we’re proactively protecting against this attack.

(2018-Feb-22: Updated to describe plans for ARM devices.)

Intel devices

On Intel devices we’ve deployed the Retpoline compiler-based mitigation for Chrome OS kernels, starting with Chrome OS 65. This mitigation prevents kernel-to-user, guest-to-guest, and host-to-guest information leaks using Spectre Variant 2.

ARM devices

On ARM devices we’ve started integrating firmware and kernel patches supplied by ARM. Development is still ongoing so release timelines have not been finalized. ARM devices will receive updated firmware and kernels before they enable virtualization features.

Comments

The Chromium Projects

Quick links

Other sites