To safeguard its customers from potential security bugs in chips, Google has deployed a novel chip-level patch across its entire infrastructure, resulting in only minor declines in performance in most cases.
“In response to the vulnerabilities that were discovered, we developed a novel mitigation called ‘Retpoline’ — a binary modification technique that protects against ‘branch target injection’ attacks,” Matt Linton, Senior Security Engineer and Pat Parseghian, Technical Programme Manager at Google wrote in a joint blog post on Thursday.
“We shared ‘Retpoline’ with our industry partners and have deployed it on Google’s systems, where we have observed negligible impact on performance,” the engineers added. In addition, the tech giant has deployed “Kernel Page Table Isolation” (KPTI) which is a general purpose technique for better protecting sensitive information in memory from other software running on a machine.
“KPTI” has been deployed to the entire fleet of Google Linux production servers that support all of our products, including Search, Gmail, YouTube and Google Cloud Platform, the company said in a statement. Earlier, Intel had confirmed serious security flaws in modern processors that could affect its computers released in the last two decades.
The chip-maker had said that the bug, if used for malicious purposes, has the potential to improperly gather sensitive data from computing devices and promised to fix the bug as soon as possible. It added that the vulnerability, discovered by a British tech website, the Register, is not unique to Intel products.
It argued that “many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits”. Software major Microsoft has already issued emergency updates to supported versions of Windows that was part of a number of fixes that would protect against the processor bug in Intel as well as AMD and ARM CPUs. Amazon was also reportedly working on security updates to their Cloud services and other products.