January 05, 2018
In the latest news from the security team at Google, here comes an announcement regarding chip vulnerability and protection for Google Cloud customers. But that’s not all. The security team also indicated that Project Zero team discovered this vulnerability last year.
Google claims that the information regarding the vulnerability was informed to the chip makers. The vulnerable issue here is cause process known as “speculative execution.” Speculative execution is an advanced technique which enables chips to make a guess as to what instructions might logically be coming next to speed up execution.
Although this may sound exciting, it is also unfortunate. This is because this capability is extremely vulnerable to malicious actors who could easily gain access to critical information stored in memory. And this includes even encryption keys and passwords.
Apparently, this happens to every chip maker, including chips manufactured from AMD, ARM, and Intel. However, both AMD and Intel denied this vulnerability. On the other hand, Google said that it’s taking steps to protect Google services. The Google Security team is looking into the matter and is protecting users from this flaw as soon as they learned about it.