Some serious security issues caused by the technique called as “speculative execution” used by most of the modern processors (CPU) in order to optimize performance was detected by Google’s Project Zero Team last year. It was demonstrated by the Project Zero researcher, Jann Horn that the system memory could be read by malicious actors via the speculative execution technique that should have been inaccessible to them.
For instance, the passwords, encryption keys or any other sensitive information open in applications which are stored in the system’s memory may be accessed by unauthorized party. The test also revealed that an attack on one virtual machine was able to access the host machine’s physical memory. This again facilitates a ready-access to the memory of several virtual machines on the same host.
Thus, these types of issues affect CPUs such as AMD, ARM and Intel and many others. It also affects the devices and the operating system running in them.
When this issue came to the limelight, the security and product development teams mobilized to protect Google’s systems and the users’ data. Google ensured that all of its systems and affected products got updated to protect them from this new kind of attack. The hardware and software manufacturers across the industry were contacted. Google collaborated with them in order to protect its users and the web. Collaborative analysis and the development of novel mitigations were included in the efforts the company made to fight against such a new type of attack.
Google has updated the list of its products and the current status of mitigation against this attack. But the list and the product’s status may change as new developments take place. In some cases, the users may have to take additional steps to ensure that the product is working in a protected version while in many products, the issue has been mitigated. The company will keep its users and customers informed in case a new development takes place.