How Big Tech has left you in the dark about massive CPU flaws

The disclosure of deep-seated processor vulnerabilities going by the names “Meltdown” and “Spectre” may be the biggest news in computing security in years, but you wouldn’t know that from the sites of some of the companies that should be your first line of defense.

These firms have known about these vulnerabilities longer than most: researchers told them last summer, after first detecting the issue. The public disclosure, planned for next week, was moved up after word began to leak, but that should not have left non-techie users with so much to puzzle through when looking for help from the firms behind their devices.

That kind of information vacuum helps neither customers nor security in general. At worst, calculated silence about these massive flaws may lead anxious users to opt for questionable third-party fixes.

A three-headed problem

Meltdown and Spectre’s two variations take advantage of how modern processors try to work faster by skipping ahead of themselves. They predict which operations will come up next, then run those tasks early.

Teams of researchers found that by timing this back-and-forth of data, a rogue app could start to see system-level data — for example, saved passwords — that would normally be off limits. Having hostile code running on your computer is already a problem you would need to solve, but this escalates its potential damage.

Meltdown, which appears confined to the Intel (INTC) processors that run most PCs and all Macs, is easier to exploit but also easier to patch.

Spectre also afflicts AMD (AMD) processors as well as the ARM chips in many mobile devices. So far, it appears to represent less risk but also to require much more work to squash — possibly a new generation of processor architecture that doesn’t optimize so heavily for speed.

An Intel processor like many of those impacted by the Meltdown flaw. (image: Wikimedia)

Good, bad and invisible

What do you do about that as you sit in front of your screen — beyond going back to bed and hiding under the covers? You wait for a patch.

Browser vendors can suppress these attacks by making it harder for any rogue code to time when to peek at the processor shuffling data and instructions. Operating-system developers, meanwhile, can further barricade access to system-level memory.
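As an added illustration, not code from this article or from any browser vendor, the toy model below shows why coarsening a timer blunts the cache-timing measurement these attacks depend on. The latencies and granularities are constructed values for the demonstration, not measured hardware numbers.

```javascript
// Added example: a virtual clock that only advances when a simulated memory
// access runs, so the timing model is deterministic and runs offline.
function makeVirtualClock() {
  const state = { nowNs: 0 };
  return {
    now: () => state.nowNs,
    advance: (ns) => { state.nowNs += ns; },
  };
}

// Coarsen a fine clock by rounding down to a bucket boundary. This mimics
// what browsers did by lowering the resolution of their high-resolution timer.
function makeCoarseClock(fineNow, granularityNs) {
  return () => Math.floor(fineNow() / granularityNs) * granularityNs;
}

const HIT_NS = 40;   // constructed: access to data already in the cache
const MISS_NS = 300; // constructed: access that has to go out to memory

// Time one simulated access with the given clock reader.
function timeAccess(clock, readNow, wasCached) {
  const start = readNow();
  clock.advance(wasCached ? HIT_NS : MISS_NS);
  return readNow() - start;
}

// Returns true when, over `rounds` accesses, the timings seen for cache hits
// never overlap those seen for misses, i.e. the timer still leaks which
// data was cached. With granularity 1 ns the two are cleanly separated;
// with a 1 µs or 100 µs timer the measured values collapse together.
function hitsDistinguishable(granularityNs, rounds = 50) {
  const clock = makeVirtualClock();
  const readNow = granularityNs > 1
    ? makeCoarseClock(clock.now, granularityNs)
    : clock.now;
  const hitTimes = new Set();
  const missTimes = new Set();
  for (let i = 0; i < rounds; i++) {
    hitTimes.add(timeAccess(clock, readNow, true));
    missTimes.add(timeAccess(clock, readNow, false));
  }
  for (const t of hitTimes) {
    if (missTimes.has(t)) return false;
  }
  return true;
}
```

Coarsening only raises the cost of the measurement rather than eliminating it, which is why the mitigation makes the attack harder rather than impossible.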

The company behind your browser and your system software, however, may not tell you much about the timing of those patches.

Google (GOOG, GOOGL), developer of the Chrome browser and the Android mobile operating system, offers the most information. A post on its primary blog points readers to a more technical note that, in turn, points to a detailed how-to that explains that the latest Android security update and a Chrome option separately address these vulnerabilities.