Apple Has Discovered One of the “Critical” Security Flaws in Chrome
Google released a new update for Chrome on Tuesday, updating it to version 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. When you install the update and refresh your browser, you won’t be greeted with a new user interface or several new features or changes. Instead, you’ll be using a browser that fixes two security vulnerabilities found in older versions.
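A check against the fixed builds listed above, written for this page as an added example (it is not code from Google or from the article's author). It assumes the version text looks like the output of `google-chrome --version`; the hostnames and inventory values are constructed.

```python
import re

# Fixed builds named in the article: 130.0.6723.91/.92 on Windows and Mac,
# 130.0.6723.91 on Linux. The lowest fixed build is used as the patch floor.
FIXED_FLOOR = (130, 0, 6723, 91)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Extract a four-part Chrome version from free text.

    Returns a tuple of ints, or None when no version is present."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(version_text):
    """True if at or above the floor, False if older, None if unparseable."""
    version = parse_chrome_version(version_text)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so build 100 sorts after
    # build 91 (a plain string comparison would get this wrong).
    return version >= FIXED_FLOOR


def audit(inventory):
    """Map each host to 'patched', 'vulnerable' or 'unknown'."""
    labels = {True: "patched", False: "vulnerable", None: "unknown"}
    return {host: labels[is_patched(text)] for host, text in inventory.items()}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = {
    "mac-01": "Google Chrome 130.0.6723.92",
    "win-07": "Google Chrome 130.0.6723.70",
    "lin-03": "Google Chrome 130.0.6723.91 ",
    "win-12": "Google Chrome 129.0.6668.101",
    "kiosk-2": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual look, since a missing version string says nothing about patch state.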
One of these security vulnerabilities is rated as High. Tracked as CVE-2024-10488, it is a use-after-free vulnerability in WebRTC, a real-time communications protocol for web browsers. In a use after free, the program fails to clear the pointer to a memory location after freeing that memory location, which allows attackers to exploit the vulnerability and attack the program.
However, the other flaw is more interesting to me. CVE-2024-10487 is rated as Critical severity and is an out-of-bounds write in Dawn, an open source WebGPU implementation in Chrome. An out-of-bounds write occurs when a program writes beyond the memory allocated to it. An attacker could take advantage of this situation to crash the program and run their own code.
But what makes CVE-2024-10487 interesting is not that it is an out-of-bounds write error, nor that it is critical: it was discovered by Apple. Google credits SEAR, Apple’s security engineering and architecture team, for discovering the vulnerability on October 23.
It’s funny to note that Apple, Google’s obvious competitor, discovered a bug in the company’s world-famous browser, but this is not the first time such a situation has happened. In fact, just last week I wrote about how Microsoft discovered a serious security vulnerability in Safari. Apple included that security patch as part of the broader macOS Sequoia update, unlike Google, which released this small Chrome update specifically to deliver these two security patches to users.
The fact is that although Microsoft, Google and Apple are competitors, the big tech companies have many common interests, especially when it comes to privacy and security. As much as Apple would like everyone to use Safari, many Mac users browse the Internet using Chrome instead, and it would be bad if that many users were running a compromised browser on their Macs.
Since tech news headlines often highlight the places where companies compete and fight – iPhone and Android, ChatGPT (and Copilot) and Gemini, macOS and Windows, etc. – it’s nice to see that there are cases where these companies still work together in the name of improving technology for everyone.