It’s been an interesting few days for Apple’s Security Engineering and Architecture (SEAR) team. Last week, SEAR revealed its Private Cloud Compute challenge allowing hackers to get $1 million by unveiling its new “game changer” AI platform: a major threat to the Android equivalent. And now there’s an unexpected twist, with that same Apple security team triggering an emergency update for 2 billion users of Chromium.

On Tuesday, Google updated the stable version of Chrome for Windows and Mac to 130.0.6723.91/.92. There were two security updates, the first being CVE-2024-10487, the critical flaw disclosed by Apple, and the second being CVE-2024-10488, a low-risk WebRTC flaw disclosed by a private researcher.

ForbesSamsung’s impossible deadline: you have 24 hours to update your phoneBy Zak Doffman

The threat exposed by the Apple team is “out-of-bounds writing in Dawn.” If exploited, this could allow hackers to access system memory outside of defined parameters, causing application or system crashes. This was reported by Apple less than a week before the update, which amounts to an emergency update for users.

Attacks exploiting this flaw would be executed via a maliciously crafted web page, with users lured via links in emails, messages or social media posts. It would most likely be exploited as part of a chain, putting a device at risk of immediate data theft or longer-term malware installation.

Dealing with these risks is a monthly game of cat and mouse for Google, as we saw this week with the announcement that a researcher has now released a tool to bypass Google’s latest encryption technology to better protect security cookies on devices. These security cookies allow users to log into websites without having to re-enter their credentials, and cookie theft is the type of attack that could exploit these latest memory vulnerabilities.

Ironically, Google’s addition of this technology to Chrome for Windows mirrors the existing security Apple operates on macOS. Given the level of privilege required to defeat the new technology, Google remains confident that it has raised the bar.

ForbesApple Unveils “Revolutionary” iPhone Update: Samsung Has a Serious New ProblemBy Zak Doffman

As always, there are no further details on the new threats at this time. Google explains that “access to bug details and links may be restricted until a majority of users are updated with a fix.” We will also keep restrictions if the bug exists in a third-party library that other projects also depend on, but which has not yet been fixed.

Since this issue was disclosed by Apple’s high-end security team and was resolved so quickly, all users should verify that the update has been downloaded and then restart Chrome to ensure that it installs correctly. Update instructions can be found here.