Google’s Project Zero security team just announced two serious security vulnerabilities called Meltdown and Spectre. These vulnerabilities are particularly serious because they occur in the CPU chip’s architectures so it affects any software running on most Intel CPUs manufactured from 1995 to today. If you have a device or computer with an Intel processor that implements “out-of-order” execution, as most CPUs in use today do, it is vulnerable to attacks.

In a nutshell, the vulnerabilities allow attackers to use malicious code to read memory that should not be accessible. Even JavaScript contained within a web page can read protected memory within the browser. This could allow the attacker to capture sensitive data from another application running on the same machine or data from another web page in the same browser.

The problem lies in the CPU chips rather than the software. CPUs manufactured in the future will contain design changes to eliminate the vulnerabilities but of course that does not help with current devices. Fortunately, it appears that operating system and browser makers can release patches that will limit the exposure. You will want to install those updates as soon as they are available.

The security folks at Defiant have a blog post with details on the Meltdown and Spectre vulnerabilities. You can read it here.