Meltdown/Spectre vulnerability status for Chrome OS devices
This page details status for Chrome OS devices regarding the Meltdown and Spectre vulnerabilities, also known as "speculative execution vulnerabilities" described by Google Project Zero.
(Previously located at https://www.chromium.org/chrome-os-devices-and-kernel-versions.)
Meltdown
Google has been working on updates that contain the Kernel Page Table Isolation (KPTI) mitigation for Meltdown. ARM Chrome OS devices are not affected by Meltdown. Most Intel devices received KPTI with M63. All Intel devices have received KPTI with M66, and therefore all Intel Chrome OS devices are now protected against Meltdown.
(2018-May-22: Updated to note that all Intel devices are now protected against Meltdown.)
Variant 3 (CVE-2017-5754)
The following subsections indicate the vulnerability status of Chrome OS hardware for Variant 3 (CVE-2017-5754), which is also referred to as Meltdown.
Protection against Variant 3
These devices have received the KPTI / KAISER patch in Chrome OS 63 and are protected against Meltdown:
| Marketing name | Public codename |
| Dell Chromebook 13 3380 | asuka |
| Acer Chromebook 15 (CB3-532) | banon |
| Samsung Chromebook Pro | caroline |
| ASUS Chromebook Flip C302 | cave |
| Samsung Chromebook 3 | celes |
| HP Chromebook 13 G1 | chell |
| Acer Chromebook R11 (CB5-132T / C738T) | cyan |
| Chromebook 14 (CB3-431) | edgar |
| Chromebook 11 Model 3180 | kefka |
| Chromebook 14 for work (CP5-471) | lars |
| Acer Chromebook 11 (C771, C771T) | lili |
| HP Chromebook 11 G5 EE | locke |
| Lenovo N23 Chromebook | reks |
| Lenovo N23 Chromebook (Touch) | reks |
| Lenovo N42 (Touch) Chromebook | reks |
| Lenovo N22 (Touch) Chromebook | reks |
| Mecer V2 Chromebook | relm |
| Edxis Education Chromebook | relm |
| CTL NL61 Chromebook | relm |
| Dell Chromebook 11 3189 | sabin |
| Thinkpad 13 Chromebook | sentry |
| HP Chromebook 11 G5 / HP Chromebook 11-vxxx | setzer |
| ASUS Chromebook C202SA | terra |
| ASUS Chromebook C300SA/C301SA | terra13 |
| Acer Chromebook 11 N7 (C731) | tifa |
| ThinkPad 11e Chromebook 3rd Gen (Yoga/Clamshell) | ultima |
| Multilaser M11C Chromebook | wizpig |
| Viglen Chromebook 360 | wizpig |
| PCMerge Chromebook PCM-116T-432B | wizpig |
| Edugear CMT Chromebook | wizpig |
| CTL J5 Chromebook | wizpig |
| Prowise ProLine Chromebook | wizpig |
| Haier Convertible Chromebook 11 C | wizpig |
| Acer Chromebook 15 (CB3-531) | banjo |
| ASUS Chromebook C213NA | basking |
| Dell Chromebook 11 (3120) | candy |
| Lenovo N20 Chromebook | clapper |
| Acer Chromebook Spin 11 (R751T) | electro |
| JP Sa Couto Chromebook | enguarde |
| ASI Chromebook | enguarde |
| eduGear Chromebook R | enguarde |
| Videonet Chromebook | enguarde |
| True IDC Chromebook | enguarde |
| Crambo Chromebook | enguarde |
| RGS Education Chromebook | enguarde |
| Edxis Education Chromebook | enguarde |
| Senkatel C1101 Chromebook | enguarde |
| M&A Chromebook | enguarde |
| CTL N6 Education Chromebook | enguarde |
| Education Chromebook | enguarde |
| Google Pixelbook | eve |
| Edxis Chromebook | expresso |
| Bobicus Chromebook 11 | expresso |
| HEXA Chromebook Pi | expresso |
| Consumer Chromebook | expresso |
| Lenovo ThinkPad 11e Chromebook | glimmer |
| Acer Chromebook 11 (C730 / C730E) | gnawty |
| Chromebook 11 (C735) | gnawty+ |
| Haier Chromebook 11 G2 | heli |
| Lenovo N21 Chromebook | hoofer |
| HP Chromebook 11 2100-2199 / HP Chromebook 11 G3 | kip |
| HP Chromebook 11 2200-2299 / HP Chromebook 11 G4 / G4 EE | kip |
| HP Chromebook 14 ak000-099 / HP Chromebook 14 G4 | kip14 |
| AOpen Chromebox Commercial | ninja |
| Lenovo 100S Chromebook | orco |
| Lenovo Thinkpad 11e Chromebook (4th Gen) / Lenovo Thinkpad Yoga 11e Chromebook (4th Gen) | pyro |
| ASUS Chromebook C300MA | quawks |
| Chromebook 15 CB515-1HT/1H | sand |
| HP Chromebook x360 11 G1 EE | snappy |
| ASUS Chromebook C200MA | squawks |
| AOpen Chromebase Commercial | sumo |
| Toshiba Chromebook 2 | swanky |
| Samsung Chromebook 2 11 - XE500C12 | winky |
Older Intel devices
These devices with kernel 3.14 have received the KPTI / KAISER patch in Chrome OS 65 and are protected against Meltdown:
| Marketing name | Public codename |
| Acer Chromebase 24 | buddy |
| Toshiba Chromebook 2 (2015 Edition) | gandof |
| ASUS Chromebox CN62 | guado |
| Dell Chromebook 13 7310 | lulu |
| Acer Chromebook 11 (C740) | paine |
| Acer Chromebox CXI2 | rikku |
| Google Chromebook Pixel (2015) | samus |
| Lenovo ThinkCentre Chromebox | tidus |
| Acer Chromebook 15 (CB5-571) | yuna |
These devices with kernel 3.8 have received the KPTI / KAISER patch in Chrome OS 66 and are protected against Meltdown:
| Marketing name | Public codename |
| HP Pavilion Chromebook 14 | butterfly |
| HP Chromebook 14 | falco |
| Toshiba Chromebook | leon |
| Google Chromebook Pixel | link |
| Acer Chromebox | mccloud |
| LG Chromebase 22CB25S | monroe |
| LG Chromebase 22CV241 | monroe |
| ASUS Chromebox CN60 | panther |
| Acer C720 Chromebook | peppy |
| Lenovo Thinkpad X131e Chromebook | stout |
| Samsung Chromebox Series 3 | stumpy |
| Dell Chromebox | tricky |
| Dell Chromebook 11 | wolf |
| HP Chromebox CB1-(000-099) / HP Chromebox G1 / HP Chomebox for Meetings | zako |
ARM devices
ARM Chrome OS devices are not affected by Meltdown. This applies to the following devices:
| Marketing name | Public codename |
| Poin2 Chromebook 14 | birch |
| Acer Chromebook R13 (CB5-312T) | elm |
| Lenovo N23 Yoga/Flex 11 Chromebook | hana |
| Poin2 Chromebook 11C | hanawl |
| ASUS Chromebook Flip C101PA | bob |
| Samsung Chromebook Plus | kevin |
| Samsung Chromebook 2 13" | pi |
| Samsung Chromebook 2 11" | pit |
| HP Chromebook 11 2000-2099 / HP Chromebook 11 G2 | skate |
| Samsung Chromebook | snow |
| HP Chromebook 11 1100-1199 / HP Chromebook 11 G1 | spring |
| Acer Chromebook 13 (CB5-311) | big |
| HP Chromebook 14 x000-x999 / HP Chromebook 14 G3 | blaze |
| Acer Chromebase | kitty |
| AOpen Chromebox Mini | fievel |
| Medion Akoya S2013 | jaq |
| True IDC Chromebook 11 | jaq |
| Xolo Chromebook | jaq |
| Haier Chromebook 11 | jaq |
| VideoNet Chromebook BL10 | jerry |
| Mecer Chromebook | jerry |
| Positivo Chromebook CH1190 | jerry |
| Epik 11.6" Chromebook ELB1101 | jerry |
| NComputing Chromebook CX100/110 | jerry |
| eduGear Chromebook K Series | jerry |
| CTL J2 / J4 Chromebook for Education | jerry |
| HiSense Chromebook 11 | jerry |
| Poin2 Chromebook 11 | jerry |
| ASUS Chromebit CS10 | mickey |
| Prowise 11.6" Entry Line Chromebook | mighty |
| MEDION Chromebook S2015 | mighty |
| Chromebook PCM-116E | mighty |
| Lumos Education Chromebook | mighty |
| Viglen Chromebook 11 | mighty |
| Sector 5 E1 Rugged Chromebook | mighty |
| eduGear Chromebook M Series | mighty |
| Nexian Chromebook 11.6-inch | mighty |
| Haier Chromebook 11e | mighty |
| ASUS Chromebook Flip C100PA | minnie |
| ASUS Chromebook C201PA | speedy |
| AOpen Chromebase Mini | tiger |
Spectre
The following subsections indicate Chrome OS status with respect to the Spectre vulnerability (also referred to as "Variant 1" and "Variant 2" in the Project Zero blog post). Spectre potentially allows access to data held in other processor execution contexts. The victim execution context (kernel or process) must have certain code patterns in their address space.
Variant 1 (CVE-2017-5753)
The Linux kernel has a feature called eBPF that is used to run untrusted code. The Project Zero blog post describes how this can be abused by attackers to generate vulnerable code patterns in the kernel. However, Chrome OS disables eBPF in its kernels and therefore is not exposed to Spectre Variant 1 via eBPF. Additional Spectre variant 1 mitigations available in the Chrome browser are described here.
Variant 2 (CVE-2017-5715)
The Project Zero blog post describes how virtualization can be used to exploit Spectre Variant 2. Chrome OS devices that ship Linux VMs contain mitigations for Spectre variant 2.
(2018-Oct-05: Updated to reflect usage of virtualization features on Chrome OS; fixes for ARM devices on kernel 3.18.)
Intel devices
On Intel devices we’ve deployed the Retpoline compiler-based mitigation for all Chrome OS kernels, starting with Chrome OS 65. This mitigation prevents kernel-to-user, guest-to-guest, and host-to-guest information leaks using Spectre variant 2.
ARM devices
On ARM devices we’ve started integrating firmware and kernel patches supplied by ARM. ARM devices will receive updated firmware and kernels before they enable virtualization features.
Some ARM devices on 4.4 kernels received Spectre variant 2 fixes with Chrome OS 67. These fixes were later discovered to be incomplete and updated with Chrome OS 70:
| Marketing name | Public codename |
| ASUS Chromebook Flip C101PA | bob |
| Samsung Chromebook Plus | kevin |
Some ARM devices on 3.18 kernels will receive Spectre variant 2 fixes with Chrome OS 71:
| Marketing name | Public codename |
| Acer Chromebook R13 (CB5-312T) | elm |
| Poin2 Chromebook 14 | birch |
| Poin2 Chromebook 11C | hana |
| Lenovo 300e/N23 Yoga/Flex 11 Chromebook | hana |
Speculative store buffer bypass (variant 4)
Vulnerability description
Following on their Meltdown and Spectre research, Google's Project Zero disclosed a fourth variant of their speculative execution attacks, Speculative store buffer bypass (CVE-2018-3639). On Chrome OS this variant affects the Chrome browser and is also mitigated by Site Isolation.
Chrome OS response
Chrome OS 67 enables Site Isolation by default across the Chrome OS fleet. Chrome OS 67 will be released on the stable channel around June 5, 2018. Site isolation may increase memory use by approximately 10%. For more information on Site isolation, including how to enable it manually, see the Chrome Help article.
Affected devices
Intel devices with Core processors, or Apollo Lake Atom processors, are affected by this variant. ARM devices with MTK8173 processors, or RK3399 processors, are affected by this variant. The cpu line in the chrome:system page will show what CPU the device has.
The following list covers affected devices that will be mitigated in Chrome OS 67:
| Marketing name | Public codename | Platform | ||
| HP Chromebook 11 G6 EE | alan | Apollo Lake | ||
| Acer Chromebook 11 (C732, C732T, C732L & C732LT) | astronaut | Apollo Lake | ||
| Dell Chromebook 13 3380 | asuka | Skylake-U | ||
| ASUS Chromebook C213NA | basking | Apollo Lake | ||
| HP Chromebook 14 G5 | bigdaddy | Apollo Lake | ||
| Poin2 Chromebook 14 | birch | MTK8173 | ||
| ASUS Chromebook Flip C101PA | bob | RK3399 | ||
| Acer Chromebase 24 | buddy | Broadwell | ||
| Samsung Chromebook Pro | caroline | Skylake-Y | ||
| ASUS Chromebook Flip C302 | cave | Skylake-Y | ||
| HP Chromebook 13 G1 | chell | Skylake-Y | ||
| Acer Chromebook Spin 11 (R751T) | electro | Apollo Lake | ||
| Acer Chromebook R13 (CB5-312T) | elm | MTK8173 | ||
| Google Pixelbook | eve | Kabylake-Y | ||
| HP Chromebook 14 | falco | Haswell | ||
| Toshiba Chromebook 2 (2015 Edition) | gandof | Broadwell | ||
| ASUS Chromebox CN62 | guado | Broadwell | ||
| Lenovo 300e/N23 Yoga/Flex 11 Chromebook | hana | MTK8173 | ||
| Poin2 Chromebook 11C | hana | MTK8173 | ||
| Samsung Chromebook Plus | kevin | RK3399 | ||
| Chromebook 14 for work (CP5-471) | lars | Skylake-U | ||
| Acer Chromebook Spin 11 (CP311-1H & CP311-1HN) | lava | Apollo Lake | ||
| Toshiba Chromebook | leon | Haswell | ||
| Acer Chromebook 11 (C771, C771T) | lili | Skylake-U | ||
| Google Chromebook Pixel | link | Ivy Bridge | ||
| Dell Chromebook 13 7310 | lulu | Broadwell | ||
| Acer Chromebox | mccloud | Haswell | ||
| LG Chromebase 22CV241 | monroe | Haswell | ||
| LG Chromebase 22CB25S | monroe | Haswell | ||
| Dell Chromebook 11 5190 | nasher | Apollo Lake | ||
| Dell Chromebook 11 2-in-1 5190 | nasher360 | Apollo Lake | ||
| Acer Chromebook 11 (C740) | paine | Broadwell | ||
| ASUS Chromebox CN60 | panther | Haswell | ||
| Acer C720 Chromebook | peppy | Haswell | ||
| Lenovo Thinkpad 11e Chromebook (4th Gen) | Lenovo Thinkpad Yoga 11e Chromebook (4th Gen) | pyro | Apollo Lake | |
| Acer Chromebox CXI2 | rikku | Broadwell | ||
| Lenovo 100e Chromebook | robo | Apollo Lake | ||
| Lenovo 500e Chromebook | robo360 | Apollo Lake | ||
| Google Chromebook Pixel (2015) | samus | Broadwell | ||
| Chromebook 15 CB515-1HT/1H | sand | Apollo Lake | ||
| Acer Chromebook 11 (CB311-8H & CB311-8HT) | santa | Apollo Lake | ||
| Thinkpad 13 Chromebook | sentry | Skylake-U | ||
| HP Chromebook x360 11 G1 EE | snappy | Apollo Lake | ||
| Lenovo Thinkpad X131e Chromebook | stout | Ivy Bridge | ||
| Lenovo ThinkCentre Chromebox | tidus | Broadwell | ||
| Dell Chromebox | tricky | Haswell | ||
| Dell Chromebook 11 | wolf | Haswell | ||
| Acer Chromebook 15 (CB5-571) | yuna | Broadwell | ||
| HP Chromebox CB1-(000-099) | HP Chromebox G1 | HP Chromebox for Meetings | zako | Haswell |
The following list covers affected devices that are End-of-Life as of Chrome OS 65:
| Marketing name | Public codename | Platform |
| HP Pavilion Chromebook 14 | butterfly | Sandy Bridge |
| Samsung Chromebook Series 5 550 | lumpy | Sandy Bridge |
| Acer C7 Chromebook | parrot | Sandy Bridge / Ivy Bridge |
| Samsung Chromebox Series 3 | stumpy | Sandy Bridge |