Millions of Chrome users are scrambling to update their browsers following a critical security flaw uncovered by Apple’s renowned Security Engineering and Architecture (SEAR) team.
Last Tuesday, Google released an emergency update for Chrome, pushing the stable version to 130.0.6723.91/.92 for Windows and Mac. The update addressed two major security vulnerabilities: CVE-2024-10487, a critical flaw disclosed by Apple, and CVE-2024-10488, a lower-risk WebRTC flaw discovered by a private researcher.
Apple’s Discovery: A Dangerous Flaw
Apple’s disclosed vulnerability, CVE-2024-10487, involves a critical “out-of-bounds write” issue within Chrome’s Dawn rendering engine. Exploitation of this flaw could grant hackers unauthorized access to system memory, potentially leading to application crashes, data theft, or malware installation.
Attackers could exploit this vulnerability by crafting malicious webpages, enticing users to click on links embedded in emails, messages, or social media posts. This vulnerability is particularly dangerous as it could be exploited in conjunction with other vulnerabilities, creating a chain reaction of attacks.
Chrome security threats
Interestingly, Google’s implementation of the security technology in Chrome mirrors Apple’s existing security measures on macOS. Google remains confident that this addition raises the security bar despite the potential threat.
Google chose to quickly address the vulnerability, restricting details about the flaw to protect users. Access to specific bug details and links might remain limited until most users update their browsers, ensuring widespread protection.
Given the severity of the vulnerability and Apple’s involvement, all Chrome users are strongly urged to immediately update their browsers.
Update instructions are available here.