breadcrumbs: Chromium OS >
System software utilizing lazy floating point state restore in systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. Exploitation of the vulnerability requires the ability to run native code on the device. CVE-2018-3665
Chrome OS 68, which will be released to the stable channel in late July 2018, will provide patches to the OS kernel to mitigate this vulnerability. Chrome OS devices will receive these updates automatically.
Chrome OS Intel devices with Core-based processors may be affected. The cpu line in the chrome:system page will show what CPU the device has.
The following list covers affected devices that will be mitigated in Chrome OS 68: