Google Chrome OS Security Update: Disabling Hyper-Threading to Combat Intel's ZombieLoad Vulnerability

Stay secure! Google disables hyper-threading on Chrome OS to shield users from the ZombieLoad Attack, an Intel processor vulnerability exposing sensitive data. Let's dive into what this means for your Chromebook and how it protects you.

Buy Now

Understanding the ZombieLoad Attack on Intel Processors

The ZombieLoad Attack exploits a vulnerability in Intel processors, potentially exposing sensitive user data like website information, passwords, and credit card details. This flaw affects Intel chips manufactured as far back as 2011, meaning many devices are potentially at risk. It's a serious issue, and operating system updates alone aren't enough to completely eliminate the threat.

• Affects processors since 2011.
• Exposes passwords, credit card info, cookies etc.

What is the Risk of ZombieLoad Attack?

ZombieLoad leverages Microarchitectural Data Sampling (MDS) to potentially allow attackers access to sensitive data as it's being used. This vulnerability could even allow a virtual machine to read host memory or an Android app to access privileged process memory. Google and other major platforms are taking action to mitigate this risk.

• MDS allows access to sensitive data.
• Virtual machines and Android Apps could be compromised.

Hyper-Threading Explained: What It Is, and Why It's Being Disabled

Hyper-threading allows a processor core to act as two virtual cores, handling two processes simultaneously. This can boost performance in some situations. Disabling hyper-threading is the most effective way to protect against ZombieLoad. In response, Google has disabled hyper-threading by default in Chrome OS 74.

• Splits physical core into two virtual cores.
• Increases performance in some cases.
• Disabling it provides the highest level of security.

Chrome OS Steps Up: Disabling Hyper-Threading by Default

Chrome OS 74 disables hyper-threading to mitigate the risk of MDS, ensuring security without significantly impacting responsiveness for most users. Chrome OS 75 includes additional mitigations for enhanced protection. This proactive approach ensures Chrome OS users are better protected from potential exploits.

To protect users, Chrome OS 74 disables Hyper-Threading by default. For the majority of our users, whose workflows are primarily interactive, this mitigates the security risk of MDS without a noticeable loss of responsiveness. Chrome OS 75 will contain additional mitigations.

Is Your Chromebook Vulnerable? Check This List

Here's an extensive list of Chrome OS devices potentially affected by the ZombieLoad vulnerability. Check the list to see if your device is among those that benefit from this security update:

• AOpen Chromebase Commercial
• AOpen Chromebox Commercial
• ASI Chromebook
• ASUS Chromebook C200MA
• ASUS Chromebook C300MA
• ASUS Chromebook Flip C302
• ASUS Chromebox 3
• ASUS Chromebox CN60
• ASUS Chromebox CN62
• Acer C720 Chromebook
• Acer Chromebase 24
• Acer Chromebook 11 (C740)
• Acer Chromebook 11 (C771 / C771T)
• Acer Chromebook 13 (CB713-1W )
• Acer Chromebook 15 (C910 / CB5-571)
• Acer Chromebook 15 (CB3-531)
• Acer Chromebook Spin 13 (CP713-1WN)
• Acer Chromebox
• Acer Chromebox CXI2
• Acer Chromebox CXI3
• Bobicus Chromebook 11
• CTL Chromebox CBx1
• CTL N6 Education Chromebook
• Chromebook 11 (C730 / CB3-111)
• Chromebook 11 (C735)
• Chromebook 14 for work (CP5-471)
• Chromebox Reference
• Consumer Chromebook
• Crambo Chromebook
• Dell Chromebook 11
• Dell Chromebook 11 (3120)
• Dell Chromebook 13 3380
• Dell Chromebook 13 7310
• Dell Chromebox
• Dell Inspiron Chromebook 14 2-in-1 7486
• Education Chromebook
• eduGear Chromebook R
• Edxis Education Chromebook
• Google Chromebook Pixel (2015)
• Google Pixelbook
• HEXA Chromebook Pi
• HP Chromebook 11 2100-2199 / HP Chromebook 11 G3
• HP Chromebook 11 2200-2299 / HP Chromebook 11 G4/G4 EE
• HP Chromebook 13 G1
• HP Chromebook 14
• HP Chromebook 14 ak000-099 / HP Chromebook 14 G4
• HP Chromebook x2
• HP Chromebook x360 14
• HP Chromebox CB1-(000-099) / HP Chromebox G1/ HP Chromebox for Meetings
• HP Chromebox G2
• Haier Chromebook 11 G2
• JP Sa Couto Chromebook
• LG Chromebase 22CB25S
• LG Chromebase 22CV241
• Lenovo 100S Chromebook
• Lenovo N20 Chromebook
• Lenovo N21 Chromebook
• Lenovo ThinkCentre Chromebox
• Lenovo ThinkPad 11e Chromebook
• Lenovo Thinkpad X131e Chromebook
• M&A Chromebook
• Pixel Slate
• RGS Education Chromebook
• Samsung Chromebook 2 11 – XE500C12
• Samsung Chromebook Plus (LTE)
• Samsung Chromebook Plus (V2)
• Samsung Chromebook Pro
• Senkatel C1101 Chromebook
• Thinkpad 13 Chromebook
• Toshiba Chromebook
• Toshiba Chromebook 2
• Toshiba Chromebook 2 (2015 Edition)
• True IDC Chromebook
• Videonet Chromebook
• ViewSonic NMP660 Chromebox
• Yoga C630 Chromebook

Re-Enabling Hyper-Threading: When and How

For users with heavy workloads, hyper-threading can be re-enabled. Follow the steps outlined in this guide. Admins can also re-enable the feature for Enterprise accounts through the admin console. Assess your performance needs to determine if re-enabling hyper-threading is right for you.

Other Operating Systems: Protecting non-Chrome OS devices

Security is essential no matter what OS you use. Here's how to disable hyper-threading on other major systems:

• Microsoft Windows
• Apple MacOS
• Red Hat (Linux)
• Ubuntu

Stay Updated and Secure

Keep your Chromebook updated to the latest version for the best protection. For more information on MDS, Hyper-threading, and Chrome OS, refer to the Chromium Project. Further details on Google platforms affected by ZombieLoad Attack can be found here.