On Tuesday, Google released a new update for Chrome, upgrading it to version 130.0.6723.91/.92 for Windows and Mac, and 130.0.6723.91 for Linux. When you install the update and relaunch your browser, you won't be greeted with a new UI or a handful of new features or changes. Instead, you'll be running a browser that patches two security vulnerabilities found in older versions.
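To check whether a fleet has picked up the fix, compare each reported Chrome version against the patched build numerically, part by part, since a plain string comparison misorders builds such as `.100` and `.91`. The script below is an added example, not code from Google or the article; the `host,platform,version` inventory format, the host names and the sample versions are constructed for illustration.

```python
import re

# Lowest patched build named in the article (Windows and Mac also got .92).
PATCHED = (130, 0, 6723, 91)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # no version reported: needs a manual look
    # Tuple comparison is numeric per component, so .100 sorts after .91.
    return "patched" if v >= PATCHED else "vulnerable"


def audit(inventory_lines):
    """Map host -> status from 'host,platform,reported version' lines (assumed format)."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [f.strip() for f in line.split(",", 2)]
        if len(parts) != 3:
            results[parts[0]] = "unknown"  # malformed row: do not assume it is safe
            continue
        host, _platform, reported = parts
        results[host] = classify(reported)
    return results


# Constructed sample inventory; hosts and versions are made up.
SAMPLE = [
    "# host,platform,reported version",
    "wks-01,windows,Google Chrome 130.0.6723.92",
    "mac-07,mac,Google Chrome 130.0.6723.70",
    "lnx-03,linux,Google Chrome 130.0.6723.91",
    "wks-09,windows,Google Chrome 129.0.6668.100",
    "kiosk-2,linux,chrome: not found",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```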
One of those security vulnerabilities is labeled as “High” severity. Tracked as CVE-2024-10488, this is a use-after-free vulnerability in WebRTC, a real-time communication protocol for web browsers. In use-after-free flaws, a program fails to clear the pointer to a memory location after freeing that memory location, which enables bad actors to exploit the flaw and attack the program.
The other flaw, however, is a bit more interesting to me. CVE-2024-10487 is labeled as “Critical” severity, and is an out-of-bounds write in Dawn, the open-source implementation of WebGPU in Chrome. An out-of-bounds write flaw occurs when a program writes outside of its allocated memory. An attacker can take advantage of this situation to crash the program and run their own code.
But what makes CVE-2024-10487 interesting isn't that it's an out-of-bounds write flaw, nor that it's Critical: It's that Apple discovered it. Google credits SEAR, Apple’s Security Engineering and Architecture team, with identifying the vulnerability on Oct. 23.
While it's funny to note that Apple, a clear competitor of Google’s, discovered a flaw in the company’s world-famous browser, it's not the first time this kind of situation has happened. In fact, just last week, I wrote about how Microsoft discovered a major security flaw with Safari. Apple bundled that security patch as part of the broader macOS Sequoia release, unlike Google, which released this tiny Chrome update specifically to issue these two security patches to users.
The truth of the matter is, while Microsoft, Google, and Apple are all competitors, big tech companies have many shared interests—especially when it comes to privacy and security. As much as Apple would love for everyone to use Safari, many Mac users browse the web with Chrome instead, and having that many users running a compromised browser on their Macs would be bad.
As tech headlines often highlight the places where companies compete and fight—iPhone and Android, ChatGPT (and Copilot) and Gemini, macOS and Windows, etc.—it's refreshing to see that there are still times these companies work together in the name of improving tech for everyone.