Google to release security patch to fix Meltdown, Specter bugs for its Chrome browser

SAN FRANCISCO, Jan. 5 (Xinhua) -- Tech giant Google has said it will release security patches for its Chrome browser later this month to fix CPU flaws susceptible to hacking.

"Chrome's JavaScript engine, V8, will include mitigations starting with Chrome 64, which will be released on or around January 23 2018," Google said.

Future Chrome releases will include additional mitigations and hardening measures which will further reduce the impact of this class of attack, it added.

A Google research team announced Wednesday that it has discovered two hardware bugs, called Meltdown and Specter, which would exploit critical vulnerabilities in modern processors.

"CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts," the Google security team said.

Google said its browser users can remain protected against the two security bugs if they enable Site Isolation, an experimental feature which by default comes turned off in the stable versions of Chrome browser.

Other browser providers such as Microsoft and Mozilla have already shipped updates for their users to protect their browsers, Microsoft Edge and Fireforx, against the CPU flaws. Enditem