The Wall Street Journal reported that a small group of customers, including Chinese technology firms, were among those who were notified about the flaws, dubbed Meltdown and Spectre, first.
Among the first to be told were Lenovo, Microsoft, Amazon, Alibaba and the UK branch of Arm.
Earlier this month, the head of the OpenBSD project, Theo de Raadt, told iTWire that the disclosure of the bug was handled "in an incredibly bad way".
The two flaws were revealed in the first week of January and affect Intel processors made since 1995.
Meltdown removes the barrier between user applications and sensitive parts of the operating system. Spectre, which is also reportedly found in some AMD and ARM processors, can trick vulnerable applications into leaking the contents of their memory.
The flaw was initially discovered by a security researcher from Google's Project Zero team and reported to Intel which planned to make an announcement on 9 January — the day on which Microsoft was scheduled to announce its monthly updates — but advanced the date when news of the bugs leaked to the media.
The WSJ quoted Jake Williams, head of Rendition Infosec, as claiming that the Chinese Government was probably aware of the flaws as well. Williams, a former member of the NSA's elite Tailored Access Operations hacking group, said that such flaws would be of great interest to an agency which was collecting intelligence as they could be used to capture data from the cloud.
At the time of the disclosure, it also emerged that Intel chief executive Brian Krzanich had sold stock and options and netted US$25 million in late November 2017, well after Google had informed the company of flaws in its processors.
Krzanich avoided making any mention of the controversial sale in his keynote at the Consumer Electronics Show in Las Vegas later in the month.
The US Department of Homeland Security learned of the flaws from news reports after it became public knowledge, an official told the WSJ. The NSA also claimed it had not had advance knowledge of the flaws.