When Intel learned about the Meltdown and Spectre vulnerabilities in their processor architecture, they notified a handful of key businesses and asked their assistance in developing ways to address them, before alerting the public or any government. These companies included U.S.-based Google, Microsoft, Apple, ARM, and AMD, but also China-based Lenovo and Alibaba, and it is “a near certainty” that the Chinese government learned of the flaws from the latter firms during this time.
The U.S. government and other, less-privileged business partners learned of the vulnerabilities at the same time as the general public.
The House Energy and Commerce Committee has asked these companies why they kept the information secret from the U.S. government. Most reported that they were bound by non-disclosure agreements, intended to keep the flaws on a need-to-know basis until techniques to mitigate them were ready. The Chinese companies have answered similarly, further denying that they passed the information on to their government.
