There are a few end of life products that won't be getting a patch. Google has published a list that includes every Chromebook model, which are vulnerable to Meltdown and the patch status of each one. You can check out the list here. The column you'll most want to pay attention to is the one titled "CVE-2017-5754 mitigations (KPTI) on M63?" If the device has a "Yes" or a "Not needed" in that column, it's safe and if you own it, you have one less thing to worry about. A "No" in that column means the device will need an update to be protected against Meltdown. But if the device is listed as "EoL," there will be no patches for it because it's an end of life product and is no longer supported. EoL devices include Samsung Chromebook Series 5, Samsung Chromebook Series 5 550, Cr-48, Acer C7 Chromebook and Acer AC700. The Meltdown and Spectre exploits were revealed earlier this month and a number of updates to address the security issues have already been released by Intel, Apple, Microsoft and NVIDIA. Intel, which says it will patch all affected chips produced in the last five years by the end of the month, is now facing multiple lawsuits over its chips' security flaws.
If youre a regular Chromebook user and worried about the Meltdown bug endangering your data, Google has published a table on the Chromium Wiki detailing which devices are vulnerable, which arent, and which have been patched. You can read it in full here. If the table says Yes or Not needed in the column labelled CVE-2017-5754 mitigations (KPTI) on M63? then the device is safe. If it says no, then itll need an update to make things right. And if it says EoL (meaning end-of-life) then that update is never coming because the device is no longer supported. The list (seen via AndroidPolice) shows what we already knew — that most of Googles own devices are already protected. Meltdown affects mainly Intel processors (although some ARM chips are vulnerable too) and Intel-based Chromebooks are safe if they use versions 3.18 or 4.4 of the Linux kernel. You can check this on your own Chrome OS device by going to chrome://gpu then looking at the Operating System row in the table marked Version Information. Protecting individual devices against Meltdown (and its sister-bug Spectre) is only part of the battle. These are fundamental flaws that have been exposed in the very architecture of the worlds most popular processors. And these problems arent going to go away quickly.