Chromium OS >

Meltdown/Spectre vulnerability status for Chrome OS devices

This page details status for Chrome OS devices regarding the Meltdown and Spectre vulnerabilities, also known as "speculative execution vulnerabilities" described by Google Project Zero.

(Previously located at .)

Meltdown

Google has been working on updates that contain the Kernel Page Table Isolation (KPTI) mitigation for Meltdown. ARM Chrome OS devices are not affected by Meltdown. Most Intel devices received KPTI with M63. All Intel devices have received KPTI with M66, and therefore all Intel Chrome OS devices are now protected against Meltdown.

(2018-May-22: Updated to note that all Intel devices are now protected against Meltdown.)

Variant 3 (CVE-2017-5754)

The following subsections indicate the vulnerability status of Chrome OS hardware for Variant 3 (CVE-2017-5754), which is also referred to as Meltdown.

Protection against Variant 3

These devices have received the KPTI / KAISER patch in Chrome OS 63 and are protected against Meltdown:

Marketing name	Public codename
Dell Chromebook 13 3380	asuka
Acer Chromebook 15 (CB3-532)	banon
Samsung Chromebook Pro	caroline
ASUS Chromebook Flip C302	cave
Samsung Chromebook 3	celes
HP Chromebook 13 G1	chell
Acer Chromebook R11 (CB5-132T / C738T)	cyan
Chromebook 14 (CB3-431)	edgar
Chromebook 11 Model 3180	kefka
Chromebook 14 for work (CP5-471)	lars
Acer Chromebook 11 (C771, C771T)	lili
HP Chromebook 11 G5 EE	locke
Lenovo N23 Chromebook	reks
Lenovo N23 Chromebook (Touch)	reks
Lenovo N42 (Touch) Chromebook	reks
Lenovo N22 (Touch) Chromebook	reks
Mecer V2 Chromebook	relm
Edxis Education Chromebook	relm
CTL NL61 Chromebook	relm
Dell Chromebook 11 3189	sabin
Thinkpad 13 Chromebook	sentry
HP Chromebook 11 G5 / HP Chromebook 11-vxxx	setzer
ASUS Chromebook C202SA	terra
ASUS Chromebook C300SA/C301SA	terra13
Acer Chromebook 11 N7 (C731)	tifa
ThinkPad 11e Chromebook 3rd Gen (Yoga/Clamshell)	ultima
Multilaser M11C Chromebook	wizpig
Viglen Chromebook 360	wizpig
PCMerge Chromebook PCM-116T-432B	wizpig
Edugear CMT Chromebook	wizpig
CTL J5 Chromebook	wizpig
Prowise ProLine Chromebook	wizpig
Haier Convertible Chromebook 11 C	wizpig
Acer Chromebook 15 (CB3-531)	banjo
ASUS Chromebook C213NA	basking
Dell Chromebook 11 (3120)	candy
Lenovo N20 Chromebook	clapper
Acer Chromebook Spin 11 (R751T)	electro
JP Sa Couto Chromebook	enguarde
ASI Chromebook	enguarde
eduGear Chromebook R	enguarde
Videonet Chromebook	enguarde
True IDC Chromebook	enguarde
Crambo Chromebook	enguarde
RGS Education Chromebook	enguarde
Edxis Education Chromebook	enguarde
Senkatel C1101 Chromebook	enguarde
M&A Chromebook	enguarde
CTL N6 Education Chromebook	enguarde
Education Chromebook	enguarde
Google Pixelbook	eve
Edxis Chromebook	expresso
Bobicus Chromebook 11	expresso
HEXA Chromebook Pi	expresso
Consumer Chromebook	expresso
Lenovo ThinkPad 11e Chromebook	glimmer
Acer Chromebook 11 (C730 / C730E)	gnawty
Chromebook 11 (C735)	gnawty+
Haier Chromebook 11 G2	heli
Lenovo N21 Chromebook	hoofer
HP Chromebook 11 2100-2199 / HP Chromebook 11 G3	kip
HP Chromebook 11 2200-2299 / HP Chromebook 11 G4 / G4 EE	kip
HP Chromebook 14 ak000-099 / HP Chromebook 14 G4	kip14
AOpen Chromebox Commercial	ninja
Lenovo 100S Chromebook	orco
Lenovo Thinkpad 11e Chromebook (4th Gen) / Lenovo Thinkpad Yoga 11e Chromebook (4th Gen)	pyro
ASUS Chromebook C300MA	quawks
Chromebook 15 CB515-1HT/1H	sand
HP Chromebook x360 11 G1 EE	snappy
ASUS Chromebook C200MA	squawks
AOpen Chromebase Commercial	sumo
Toshiba Chromebook 2	swanky
Samsung Chromebook 2 11 - XE500C12	winky

Older Intel devices

These devices with kernel 3.14 have received the KPTI / KAISER patch in Chrome OS 65 and are protected against Meltdown:

Marketing name	Public codename
Acer Chromebase 24	buddy
Toshiba Chromebook 2 (2015 Edition)	gandof
ASUS Chromebox CN62	guado
Dell Chromebook 13 7310	lulu
Acer Chromebook 11 (C740)	paine
Acer Chromebox CXI2	rikku
Google Chromebook Pixel (2015)	samus
Lenovo ThinkCentre Chromebox	tidus
Acer Chromebook 15 (CB5-571)	yuna

These devices with kernel 3.8 have received the KPTI / KAISER patch in Chrome OS 66 and are protected against Meltdown:

Marketing name	Public codename
HP Pavilion Chromebook 14	butterfly
HP Chromebook 14	falco
Toshiba Chromebook	leon
Google Chromebook Pixel	link
Acer Chromebox	mccloud
LG Chromebase 22CB25S	monroe
LG Chromebase 22CV241	monroe
ASUS Chromebox CN60	panther
Acer C720 Chromebook	peppy
Lenovo Thinkpad X131e Chromebook	stout
Samsung Chromebox Series 3	stumpy
Dell Chromebox	tricky
Dell Chromebook 11	wolf
HP Chromebox CB1-(000-099) / HP Chromebox G1 / HP Chomebox for Meetings	zako

ARM devices

ARM Chrome OS devices are not affected by Meltdown. This applies to the following devices:

Marketing name	Public codename
Poin2 Chromebook 14	birch
Acer Chromebook R13 (CB5-312T)	elm
Lenovo N23 Yoga/Flex 11 Chromebook	hana
Poin2 Chromebook 11C	hanawl
ASUS Chromebook Flip C101PA	bob
Samsung Chromebook Plus	kevin
Samsung Chromebook 2 13"	pi
Samsung Chromebook 2 11"	pit
HP Chromebook 11 2000-2099 / HP Chromebook 11 G2	skate
Samsung Chromebook	snow
HP Chromebook 11 1100-1199 / HP Chromebook 11 G1	spring
Acer Chromebook 13 (CB5-311)	big
HP Chromebook 14 x000-x999 / HP Chromebook 14 G3	blaze
Acer Chromebase	kitty
AOpen Chromebox Mini	fievel
Medion Akoya S2013	jaq
True IDC Chromebook 11	jaq
Xolo Chromebook	jaq
Haier Chromebook 11	jaq
VideoNet Chromebook BL10	jerry
Mecer Chromebook	jerry
Positivo Chromebook CH1190	jerry
Epik 11.6" Chromebook ELB1101	jerry
NComputing Chromebook CX100/110	jerry
eduGear Chromebook K Series	jerry
CTL J2 / J4 Chromebook for Education	jerry
HiSense Chromebook 11	jerry
Poin2 Chromebook 11	jerry
ASUS Chromebit CS10	mickey
Prowise 11.6" Entry Line Chromebook	mighty
MEDION Chromebook S2015	mighty
Chromebook PCM-116E	mighty
Lumos Education Chromebook	mighty
Viglen Chromebook 11	mighty
Sector 5 E1 Rugged Chromebook	mighty
eduGear Chromebook M Series	mighty
Nexian Chromebook 11.6-inch	mighty
Haier Chromebook 11e	mighty
ASUS Chromebook Flip C100PA	minnie
ASUS Chromebook C201PA	speedy
AOpen Chromebase Mini	tiger

Spectre

The following subsections indicate Chrome OS status with respect to the Spectre vulnerability (also referred to as "Variant 1" and "Variant 2" in the Project Zero blog post). Spectre potentially allows access to data held in other processor execution contexts. The victim execution context (kernel or process) must have certain code patterns in their address space.

Variant 1 (CVE-2017-5753)

The Linux kernel has a feature called eBPF that is used to run untrusted code. The Project Zero blog post describes how this can be abused by attackers to generate vulnerable code patterns in the kernel. However, Chrome OS disables eBPF in its kernels and therefore is not exposed to Spectre Variant 1 via eBPF. Additional Spectre variant 1 mitigations available in the Chrome browser are described here.

Variant 2 (CVE-2017-5715)

The Project Zero blog post describes how virtualization can be used to exploit Spectre Variant 2. Chrome OS devices that ship Linux VMs contain mitigations for Spectre variant 2.

(2018-Oct-05: Updated to reflect usage of virtualization features on Chrome OS; fixes for ARM devices on kernel 3.18.)

Intel devices

On Intel devices we’ve deployed the Retpoline compiler-based mitigation for all Chrome OS kernels, starting with Chrome OS 65. This mitigation prevents kernel-to-user, guest-to-guest, and host-to-guest information leaks using Spectre variant 2.

ARM devices

On ARM devices we’ve started integrating firmware and kernel patches supplied by ARM. ARM devices will receive updated firmware and kernels before they enable virtualization features.

Some ARM devices on 4.4 kernels received Spectre variant 2 fixes with Chrome OS 67. These fixes were later discovered to be incomplete and updated with Chrome OS 70:

Marketing name	Public codename
ASUS Chromebook Flip C101PA	bob
Samsung Chromebook Plus	kevin

Some ARM devices on 3.18 kernels will receive Spectre variant 2 fixes with Chrome OS 71:

Marketing name	Public codename
Acer Chromebook R13 (CB5-312T)	elm
Poin2 Chromebook 14	birch
Poin2 Chromebook 11C	hana
Lenovo 300e/N23 Yoga/Flex 11 Chromebook	hana

Speculative store buffer bypass (variant 4)

Vulnerability description

Following on their Meltdown and Spectre research, Google's Project Zero disclosed a fourth variant of their speculative execution attacks, Speculative store buffer bypass (CVE-2018-3639). On Chrome OS this variant affects the Chrome browser and is also mitigated by Site Isolation.

Chrome OS response

Chrome OS 67 enables Site Isolation by default across the Chrome OS fleet. Chrome OS 67 will be released on the stable channel around June 5, 2018. Site isolation may increase memory use by approximately 10%. For more information on Site isolation, including how to enable it manually, see the Chrome Help article.

Affected devices

Intel devices with Core processors, or Apollo Lake Atom processors, are affected by this variant. ARM devices with MTK8173 processors, or RK3399 processors, are affected by this variant. The cpu line in the chrome:system page will show what CPU the device has.

The following list covers affected devices that will be mitigated in Chrome OS 67:

Marketing name	Public codename	Platform
HP Chromebook 11 G6 EE	alan	Apollo Lake
Acer Chromebook 11 (C732, C732T, C732L & C732LT)	astronaut	Apollo Lake
Dell Chromebook 13 3380	asuka	Skylake-U
ASUS Chromebook C213NA	basking	Apollo Lake
HP Chromebook 14 G5	bigdaddy	Apollo Lake
Poin2 Chromebook 14	birch	MTK8173
ASUS Chromebook Flip C101PA	bob	RK3399
Acer Chromebase 24	buddy	Broadwell
Samsung Chromebook Pro	caroline	Skylake-Y
ASUS Chromebook Flip C302	cave	Skylake-Y
HP Chromebook 13 G1	chell	Skylake-Y
Acer Chromebook Spin 11 (R751T)	electro	Apollo Lake
Acer Chromebook R13 (CB5-312T)	elm	MTK8173
Google Pixelbook	eve	Kabylake-Y
HP Chromebook 14	falco	Haswell
Toshiba Chromebook 2 (2015 Edition)	gandof	Broadwell
ASUS Chromebox CN62	guado	Broadwell
Lenovo 300e/N23 Yoga/Flex 11 Chromebook	hana	MTK8173
Poin2 Chromebook 11C	hana	MTK8173
Samsung Chromebook Plus	kevin	RK3399
Chromebook 14 for work (CP5-471)	lars	Skylake-U
Acer Chromebook Spin 11 (CP311-1H & CP311-1HN)	lava	Apollo Lake
Toshiba Chromebook	leon	Haswell
Acer Chromebook 11 (C771, C771T)	lili	Skylake-U
Google Chromebook Pixel	link	Ivy Bridge
Dell Chromebook 13 7310	lulu	Broadwell
Acer Chromebox	mccloud	Haswell
LG Chromebase 22CV241	monroe	Haswell
LG Chromebase 22CB25S	monroe	Haswell
Dell Chromebook 11 5190	nasher	Apollo Lake
Dell Chromebook 11 2-in-1 5190	nasher360	Apollo Lake
Acer Chromebook 11 (C740)	paine	Broadwell
ASUS Chromebox CN60	panther	Haswell
Acer C720 Chromebook	peppy	Haswell
Lenovo Thinkpad 11e Chromebook (4th Gen)	Lenovo Thinkpad Yoga 11e Chromebook (4th Gen)	pyro	Apollo Lake
Acer Chromebox CXI2	rikku	Broadwell
Lenovo 100e Chromebook	robo	Apollo Lake
Lenovo 500e Chromebook	robo360	Apollo Lake
Google Chromebook Pixel (2015)	samus	Broadwell
Chromebook 15 CB515-1HT/1H	sand	Apollo Lake
Acer Chromebook 11 (CB311-8H & CB311-8HT)	santa	Apollo Lake
Thinkpad 13 Chromebook	sentry	Skylake-U
HP Chromebook x360 11 G1 EE	snappy	Apollo Lake
Lenovo Thinkpad X131e Chromebook	stout	Ivy Bridge
Lenovo ThinkCentre Chromebox	tidus	Broadwell
Dell Chromebox	tricky	Haswell
Dell Chromebook 11	wolf	Haswell
Acer Chromebook 15 (CB5-571)	yuna	Broadwell
HP Chromebox CB1-(000-099)	HP Chromebox G1	HP Chromebox for Meetings	zako	Haswell

The following list covers affected devices that are End-of-Life as of Chrome OS 65:

Marketing name	Public codename	Platform
HP Pavilion Chromebook 14	butterfly	Sandy Bridge
Samsung Chromebook Series 5 550	lumpy	Sandy Bridge
Acer C7 Chromebook	parrot	Sandy Bridge / Ivy Bridge
Samsung Chromebox Series 3	stumpy	Sandy Bridge