Google Reveals How it Protected Gmail from Spectre and Meltdown

An Update on AMD Processor Security | AMD

Meltdown and Spectre chip flaw timeline

Those variants include both the Meltdown vulnerability (CVE-2017-5754) and the two Spectre vulnerabilities (CVE-2017-5753 and CVE-2017-5715) for bounds check bypasses and branch target injection attacks, respectively.

Google recently detailed its response to the Spectre and Meltdown security flaws.

While researchers who identified Spectre and Meltdown had warned that software patches could cause device performance hits of up to 30 percent, companies rolling out fixes are finding the impacts can vary widely.

Meltdown, for those unaware, is the term coined to describe a flaw in modern Intel CPUs, which leaves a computer's kernel memory - the encrypted part of a system used to store sensitive information, like passwords - susceptible to hackers. And thanks to the efforts of hundreds of engineers, no one has apparently noticed because the fixes haven't slowed down or degraded popular services like Google search, Google Drive, and Gmail.

Ultimately, Google deployed its Retpoline-based fix and, "by December, all Google Cloud Platform... services had protections in place for all known variants of the vulnerabilities".

Liverpool to offer career-long contact to Firmino
Firmino's importance to the Liverpool cause has only increased with the sale of Philippe Coutinho to Barcelona for £142million. If a deal is agreed for Keita in the winter window, he will become the most expensive player in Liverpool's history.

The chip maker Thursday backtracked on an earlier statement to the media regarding Spectre, which had claimed there was a "near zero risk" to AMD processors from "the three variants targeting speculative execution".

As Google describes this, "With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications. Furthermore, testing this feature, particularly when combined with optimisations such as software branch prediction hints, demonstrated that this protection came with nearly no performance loss".

To its credit, the company has shared all of its research and solutions publicly, even going so far as open sourcing the Retpoline solution. That could mean noticeable performance hits when blocking the hacks. Intel's stock has taken a big hit since the announcement, in spite of the fact these issues affect nearly all modern chips.

"For several months, it appeared that disabling the vulnerable CPU features would be the only option for protecting all our workloads against Variant 2 ..."

The good news for the general public is that this doesn't affect them, at least not directly.

Latest News