close
close

Apple unveils new Chrome threat: Google releases critical update for 2 billion users

Apple unveils new Chrome threat: Google releases critical update for 2 billion users

It’s been an interesting few days for Apple’s Security Engineering and Architecture (SEAR) team. Last week, SEAR unveiled its Private Cloud Compute Challenge for hackers to secure $1 million through its new, “game changing‘AI platform: a major threat to the Android equivalent. And now there’s an unexpected twist: that same Apple security team is activating an emergency update for 2 billion Chrome users.

On Tuesday, Google updated the stable release of Chrome for Windows and Mac 130.0.6723.91/.92. There were two security updates: the first was CVE-2024-10487, the critical flaw revealed by Apple, and the second was CVE-2024-10488, a lower-risk WebRTC flaw revealed by a private researcher.

ForbesSamsung’s impossible deadline: you have 24 hours to update your phone

The threat exposed by Apple’s team is an ‘out of bounds write in Dawn’. If exploited, this could allow hackers to access system memory outside of set parameters, which could lead to application or system crashes. This was reported by Apple less than a week prior to the update, which amounts to an emergency update for users.

Attacks exploiting this flaw would be carried out via a maliciously crafted web page, luring users via links in emails, messages, or social media posts. It would most likely be exploited as part of a chain, exposing a device to the risk of immediate data theft or longer-term installation of malware.

Tackling such risks is a monthly cat-and-mouse game for Google, as we saw this week with the news that a researcher now has released a tool to bypass Google’s latest encryption technology to better protect security cookies on devices. These security cookies allow users to log into websites without having to re-enter credentials, and cookie theft is the type of attack that can take advantage of these latest memory vulnerabilities.

Ironically, Google’s addition of this technology to Chrome for Windows mirrors Apple’s existing security on macOS. Given the level of privilege required to beat the new technology, Google remains confident it has raised the bar.

ForbesApple unveils ‘groundbreaking’ iPhone update: Samsung has a serious new problem

As always, there are no further details about the new threats at this time. Google explains that “access to bug details and links may remain limited until the majority of users have been updated with a fix. We will also enforce restrictions if the bug exists in a third-party library that other projects similarly depend on but have not yet been resolved.”

Since this was revealed by Apple’s advanced security team and fixed so quickly, all users should check to see if the update has been downloaded and then restart Chrome to ensure it installs correctly. Update instructions can be found here.