After Project Zero’s security team at Google discovered Specter and Meltdown security breaches, they actively contacted other vendors in the technology space and quickly pushed the full remediation of the vulnerabilities. On today’s updated Chromium Wiki page, Google details all of the Chrome OS devices and whether they have fixed the Meltdown vulnerabilities.
More than 140 devices are listed on the product page, indicating the device’s internal code, kernel version, architecture, and deadlines for the device to stop receiving official auto-updates. Some of the devices on the page have been marked as out of support, which means Google will no longer continue to provide updates for these devices.
On the “CVE-2017-5754 mitigations (KPTI) on M63?” Column, the Chromebook is flagged for Meltdown vulnerabilities, and if it’s marked as “Yes” or “not needed,” it’s not a problem.
For Specter vulnerabilities, Google offers slightly more protection. Chrome OS provides what is known as site isolation, which effectively reduces the damage caused by this vulnerability. If you want to activate this feature, you can type “#enable-site-per-process” in the Chrome address bar and mark this as “Enabled” after the carriage return.
