Google is prepping a Chrome update to mitigate newly disclosed CPU exploits

Mark your calendars, folks—on January 23, Google will roll out a Chrome update (version 64) that will contain mitigations against Meltdown and Spectre, the names given to recently disclosed vulnerabilities affecting a whole bunch of processors.

If you haven't been following, it was recently revealed that pretty much every Intel processor released in the last decade has an inherent design flaw (Intel refutes it's actually a flaw, but whatever) that could expose the contents of protected memory to a malicious actor. That's not good, but to make matters worse, software patches to address the issue could significantly impact performance, depending on the workload.

Followup analysis reveal that AMD and ARM processors are affected by at least one of the exploits, so we're all pretty much sitting ducks. You can read more details about what's going on here and in our FAQ on the topic.

It's not entirely clear what the full impact will be, though companies are scrambling to address to the issue. As it relates to Chrome, Google says that enabling Site Isolation, and experimental feature available in the current Chrome 63 build, offers additional protection and ultimately makes it harder for untrusted websites to access or steal from information. The steps for enabling it are outlined here.

We suspect this will be enabled by default in Chrome 64, though Google didn't go into too many details. All it really said on the matter is that "Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation."

From our understanding, there are still NDAs in place that prevent companies from going into too many details about the security bugs. Those are set to lift next week, at which point we'll have a better view of the situation.