Apple Found One of Chrome’s ‘Critical’ Security Flaws


On Tuesday, Google released a new update for Chrome, upgrading it to version 130.0.6723.91/.92 for Windows and Mac, and 130.0.6723.91 for Linux. When you install the update and refresh your browser, you won’t be greeted with a new UI or a handful of new features or changes. Instead, you’ll be running a browser that patches two security vulnerabilities found in older versions.

One of those security vulnerabilities is labeled as “High” severity. Tracked as CVE-2024-10488, this is a use after free vulnerability in WebRTC, a real-time communication protocol for web browsers. In use after free flaws, a program fails to clear the pointer to a memory location after freeing that memory location, which enables bad actors to exploit the flaw and attack the program.

The other flaw, however, is a bit more interesting to me. CVE-2024-10487 is labeled as “Critical” severity, and is an out of bounds write in Dawn, the open-source implementation of WebGPU in Chrome. An out of bounds write flaw occurs when a program writes outside of its allocated memory. An attacker can take advantage of this situation to crash the program and run their own code.

But what makes CVE-2024-10487 interesting isn’t that it’s an out of bounds write flaw, nor that it’s Critical: It’s that Apple discovered it. Google credits SEAR, Apple’s Security Engineering and Architecture team, with identifying the vulnerability on Oct. 23.

While it’s funny to note that Apple, a clear competitor of Google’s, discovered a flaw on the company’s world-famous browser, it’s not the first time this type of situation has happened. In fact, just last week, I wrote about how Microsoft discovered a major security flaw with Safari. Apple bundled that security patch as part of the wider macOS Sequoia release, unlike Google, which released this tiny Chrome update specifically to issue these two security patches to users.

The truth of the matter is, while Microsoft, Google, and Apple are all competitors, big tech companies have many shared interests—especially when it comes to privacy and security. As much as Apple would love for everyone to use Safari, many Mac users browse the web with Chrome instead, and having those many users running a compromised browser on their Macs would be bad.

As tech headlines frequently highlight the places where companies compete and fight—iPhone and Android, ChatGPT (and Copilot) and Gemini, macOS and Windows, etc.—it’s refreshing to see that there are still times these companies work together in the name of bettering tech for everyone.




Source link

Exit mobile version