Chrome OS 74 disables hyper-threading for Intel-based Chromebooks due to a security flaw
Intel’s Hyper-Threading feature and multithreading, in general, is a big factor in improving a device performance. But recently, a big security issue regarding this feature has arisen. The security flaws, which are technically known as the Microarchitectural Data Sampling (MDS) vulnerabilities and more colloquially known as “ZombieLoad,” are similar in fashion to the Meltdown and Spectre vulnerabilities from last year. ZombieLoad, however, is composed of four separate issues which take advantage of Hyper-Threading and general CPU design flaws to read sensitive memory content.
Obviously, this is a less than ideal situation, especially with Chromebooks and other Chrome OS devices, the great majority of which are powered by Intel SoCs. In the case of Chrome OS, Chrome processes could be affected, allowing an attacker to steal sensitive data saved in your browser, such as passwords and credit card information. Google has identified several of these affected devices—77, in fact. The list includes Chromebooks made by Asus and Samsung, as well as other OEMs and, of course, Google’s own Pixelbook and Pixel Slate. A software update to Chrome OS 74 is now rolling out to these devices, disabling Hyper-Threading and bringing some mitigations to help with this security issue.
If you really depend on this feature or if the performance hit is too big—according to Google, it should be minimal—and you’re aware of the risks, then the feature can be re-enabled on a per-device basis:
Users concerned about the performance loss, such as those running CPU intensive workloads, may enable Hyper-Threading on a per machine basis. The setting is located at chrome://flags#scheduler-configuration. The “performance” setting chooses the configuration that enables Hyper-Threading. The “conservative” setting chooses the configuration that disables Hyper-Threading.
Have in mind, though, that you will be vulnerable to the ZombieLoad security flaw, and if you have any sensitive data in your device then it might be affected by an attack. A further update to Chrome OS 75 should also bring further improvements in order to help solve the issue. For more information about ZombieLoad, check out the website by the folks who discovered Meltdown and Spectre.
Want more posts like this delivered to your inbox? Enter your email to be subscribed to our newsletter.